The Mirai worm is gnawing its way through the Internet of Things and will not stop


#1

Originally published at: http://boingboing.net/2016/12/09/the-mirai-worm-is-gnawing-its.html


#2

In a way it’s good - this was inevitable, so the sooner the better.


#3

It’s no surprise. Hopefully, IoT companies will help win the push against advertisers and spies for a more secure internet.

Up until now, I have avoided all IoT products, but now my wife wants an Amazon Alexa. Is there any indication whether they are safe? Or has Amazon left them just as vulnerable as most of the other crap out there?


#4

Curious who’s gettin’ the business end of Mirai?

https://twitter.com/MiraiAttacks


#5

Come on don’t tar all us IoT designers with this same brush … these devices should really be classified as “the Internet of Things Designed by People who don’t Understand Security”

At the same time we’re pointing out people who are doing wrong we should be pointing out those who are doing it right …


#6

The issue here is that always on, always connected devices ARE a legitimate danger, and there should be a modicum of protection for consumers for the shitty crapware they all come with.

Your software won’t be affected and I don’t know why it’d be taken personally, but the industry needs to step up.


#7

Seems like the culprit’s not named as all IoT vendors.

The big players are damaging the internet and public perception of that space. The big players produced more than half a million pieces of insecure garbage that are being exploited to send 620 Gbps at whoever they feel like attacking.

Even if there are some small players that are responsible, IoT’s dominated by enough large businesses that are shockingly irresponsible and incompetent that public perception should be negative. The general public aren’t capable of making an informed decision, and it’s in everyone’s best interest to avoid IoT devices like the internet plague bringers most are.


#8

Mostly I don’t disagree with you - the headline though does claim that the “worm is gnawing its way through the internet of things” when really it’s just those made by a few companies (and some private labeled versions of the same things).

Most residential IoT devices are actually placed behind residential firewalls, unlike a security camera/etc., and are largely immune to this stuff, unless you attack thru their cloud connections.

Much more scary of course are not IoT things but routers, the very things that we use to protect us from this sort of crap - these need to be held to a higher standard - I look forward to a trusted open source standard for such things, so we can fix the problems ourselves that manufacturers refuse to.


#9

But still may have known default passwords and are through sheer luck not exploited.

Support-friendly (not necessarily consumer) practices like that remain a problem.

When a device is designed to be online 24/7, it should be secure and not shrug and hope that it’s being placed behind a firewall.


#10

Routers, esp home routers are also a horror story, esp. with scumbag vendors EOLing devices and not patching vulns for devices that are still running on the internet.

Still, if you look at Mirai, it’s not primarily infecting routers. It’s mostly cameras, DVRs, & printers.
https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/

Expecting end users to deploy network appliances with strong network security policies is a lost cause, and this stuff is just going to get worse. Mirai was amateur hour grabbing low hanging fruit. Trying to put in the public eye that hundreds of thousands of IoT devices are doing really bad things because some manufacturers suck ass is important.


#11

The Internet of Shit


#12

#13

Yeah, at this point the botnet can send a 620 Gbps DDoS, and the scum who’ve made it keep adding new devices it can infect as they find more IoT device exploits. The Deutsche Telekom attack is particularly hairy since they found an exploit in the router’s remote firmware update, installed their firmware, then closed the firmware management off so the ISP can’t patch ~1000000 devices and has to beg all their customers to manually restart.


#14

Why aren’t these consumers network admins!

It’s all their fault, you see.

