Brickerbot is mysterious antimalware that nukes badly secured Internet of Shit gadgets


#1

Originally published at: http://boingboing.net/2017/04/25/solving-machines-with-machines.html


#2

I fully approve of this. Nuke these shitty devices.


#3

What a perfectly elegant solution to what was turning into a real clusterfuck. The makers of the devices clearly didn’t give a shit, as long as people kept buying, and people kept buying as long as the threat to them was vague and distributed, if not totally invisible. But shutting the devices down not only solves the immediate problem, it also is pretty much the best way to force manufacturers to add a layer of security. More effective than regulation would be, in this case, and it’s a constant, live-fire test of the security capabilities. Of course, manufacturers will milk some DMCA-related whining about BrickerBot as long as they can before actually investing in building better products.


#4

This will either get them to stop making devices connected to the internet which have no reason to connect to the internet (best case scenario), get people to stop buying them, or get the manufacturers to finally start taking security seriously. I feel a slight bit of sympathy for the consumer who gets their device bricked, but if it’s either that or having it be a node in a malware net, I think Brickerbot is doing them a favor in the long run.


#5

I think I need new glasses.

I read that as “Mysterious Animalware.”


#6

#7

The issue of botnets created by shitty IOT devices was near impossible to solve - consumers were ignorant, manufacturers had no motivation to fix things, the devices were being made by international groups that would be difficult to target with the laws of only one country - it was a virtual Gordian Knot. This approach is very much cutting the Gordian knot. I’m impressed. I feel bad about all the bricked devices, but this was pretty much the only workable solution.

Well, it is a worm, isn’t it?


#8

BrickBatterBot to take out BrickerBots coming soon!


#9

Now you understand the attraction of vigilante justice. :wink:


#10

Maybe. Feels less like justice and more self preservation to me.


#11

This is why we can’t have nice internet-of-things.


#12

It’s sort of the opposite of vigilante justice. The “punishing people/companies” bit is the undesirable part one would like to avoid in this case - an unfortunate side-effect. It’s creating conditions in which doing the right thing becomes more desirable (or even necessary) for manufacturers. If anything, it’s “vigilante legislation” - but it’s not that either.


#13

vigilante invisible hand?


#14

DexterBot.


#15

Please excuse the rant, but I feel the need to appeal for help fixing this problem for once and for all.

While this may be an effective measure in the short term, it doesn’t solve the root problem… which is the complete lack of a suitable OS for connecting to the internet. Windows, Linux, Apple all fail to provide the one essential feature that you need in a world of mobile code and persistent internet connectivity… Capability Based Security (CabSec).

CabSec shifts the burden for limiting the side effects of code to the place it belongs… the operating system. It does this by never, ever trusting application code, and instead allowing the user to choose the side effects to be allowed, at runtime.

Lots of things sucked back in the days of dual floppy drive PCs, but the one thing that was outstanding was the freedom we had, because our systems were secure. We could quickly make and test our own copy of the OS, and then write protect it. We could also do this with our data. Barring code that somehow bricked the system, we were free to try anything we wanted, without fear, because we had a transparent and effective way of limiting the scope of what a program did… even though we didn’t see it as a feature at the time.

CabSec brings back that freedom… we need to make it a reality… any help getting this concept pushed out into the mindspace of the programming community would be greatly appreciated.

Again, sorry this turned into a rant… but I firmly believe that this can actually be fixed, but it ain’t simple.


#16


#17

I was thinking “vigilante Darwinian pressure,” but yeah, that.


#18

Destroy the weak


#19

You’re getting brutal, Sark. Brutal and needlessly sadistic.


#20

Nihilism of Things