Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

IoT malware starts showing destructive behavior

Lucian Constantin | April 10, 2017
Researchers have observed attacks against IoT devices that wipe data from infected systems.

Most users are unlikely to ever know if their routers, IP cameras, or network-attached storage systems are infected with malware and are being used in DDoS attacks, because the impact on their performance might be unnoticeable. However, they will immediately know that something is wrong if they're hit by BrickerBot because their devices will stop working and many of them will likely require manual intervention to fix.

The Amnesia bot is a very good example of how vulnerabilities can linger on for years in embedded devices without getting patched. The flaw exploited by the malware to propagate was disclosed more than a year ago and affects more than 70 brands of digital video recorders (DVRs) -- the systems that record video streams from CCTV cameras.

The reason why so many DVR models were affected is that the companies selling them under different brands actually sourced the hardware and the firmware from the same original equipment manufacturer (OEM) in China, a company called Shenzhen TVT Digital Technology.

This so-called "white labeling" practice is common for many IoT devices, including IP cameras and routers, and it makes the distribution of security patches to affected devices very hard. It's also one of the reasons why many such devices don't have automatic updates.

At the moment, there are more than 227,000 DVRs around the world that have this vulnerability and are directly exposed to the internet, according to Palo Alto Networks. The largest number of them are in Taiwan, the United States, Israel, Turkey, and India.

When buying a camera, router, NAS system, or other IoT device, users should look at the manufacturer's security track record: Does the company have a dedicated point of contact for security issues? How has it handled vulnerabilities in its products in the past? Does it publish security advisories? Does it regularly release security patches? Does it support its products for a reasonable amount of time? Do the products have an automatic update feature?

The answers to these questions should inform buying decisions, in addition to the price itself, because all software has flaws, and vulnerabilities are regularly found in both cheap and expensive devices. It's how manufacturers deal with those flaws that really makes a difference.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.