Last year, we warned you about the rise of cyberattacks involving “Internet of Things” (IoT) web-connected appliances. These smart devices are the perfect distributed-denial-of-service (DDoS) vectors because of their sheer numbers coupled with a lack of security.
Note: DDoS is an attack where a targeted website is flooded by an overwhelming number of requests from millions of connected machines (collectively known as a botnet) in order to bring it down.
This means unsecured routers, printers, IP web cameras, DVRs, cable boxes and connected “smart” appliances such as Wi-Fi light bulbs and smart locks can be hijacked and involved in cyberattacks without the owner knowing about it.
The massive Dyn attack from last year proves that if unchecked, smart appliance botnets can wreak unprecedented havoc. Alarmingly, the source code for this smart appliance trojan program, named Mirai, has been published online for everyone to see. Now, we’re starting to see different strains of this program coming to light.
Persirai is a newly discovered Internet of Things botnet that is targeting more than a thousand web-connected IP camera models. These models are said to be using parts from a still unnamed Chinese Original Equipment Manufacturer (OEM). If you own a Chinese-made IP cam, then it’s most likely vulnerable.
Security researchers from Trend Micro reported that by scanning the web with Shodan (a search engine for exposed ports and databases), they have detected at least 120,000 web-connected cameras – distributed around the world – that are currently vulnerable to Persirai.
According to Trend Micro, most of the owners of these cameras don’t even know that the gadgets are publicly exposed on the internet, making them easy targets for IoT malware.
Persirai, which has code similar to Mirai, exploits these cameras’ ability to open ports on routers, a feature meant to facilitate ease of setup. Taking advantage of these open ports, attackers can force the cameras to install the botnet malware.
Once infected, Persirai can then commandeer these vulnerable gadgets as minions in DDoS attacks.
Fortunately, no major DDoS attacks using Persirai have been detected yet, but this could be the initial staging for another major attack.
Protect your appliances
Since these Internet of Things appliance infections only reside in temporary memory, the first thing you have to do is reboot the device to clear out the malware.
If you are checking your router, IP webcam or connected printer, it is important that you change the default administrator username and password. Do this by accessing the appliance’s hub (usually through a webpage or a smartphone app). If your smart appliance connects via the manufacturer’s website, make sure your password for their site is complex and unique.
Next, check for firmware updates. Now, with these attacks out in the open, manufacturers will start issuing security patches to prevent such infections. It’s important to always keep your firmware up to date. If your gadget does not automatically fetch firmware updates, make sure to manually check at least every three months.
Some routers have some firewall functionality too. In your router’s administrator page, look for settings named “Disable Port Scan” and “Enable DoS Protection” and make sure you turn these on.
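To see which devices have opened ports on your router, the behaviour Persirai relies on, here is an added example (not from this article or from Trend Micro) that parses the port-mapping entries a router reports and flags the ones exposing a device to the internet. It assumes the feature is UPnP Internet Gateway Device port mapping, which the article does not name; the sample responses, addresses, port watch list and inventory are constructed.

```python
import xml.etree.ElementTree as ET

FIELDS = ("NewExternalPort", "NewProtocol", "NewInternalPort", "NewInternalClient",
          "NewEnabled", "NewPortMappingDescription", "NewLeaseDuration")
# Internal ports that usually front a remote shell, admin page or video stream.
SENSITIVE = {23: "telnet", 80: "web admin", 554: "RTSP video", 8080: "web admin"}

def parse_mapping(soap_xml):
    """Extract one mapping from a GetGenericPortMappingEntryResponse body."""
    out = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop the XML namespace
        if tag in FIELDS:
            out[tag] = (el.text or "").strip()
    missing = [f for f in FIELDS if f not in out]
    if missing:
        raise ValueError(f"not a port-mapping response, missing {missing}")
    return out

def audit(responses, known_hosts):
    """Yield (severity, message) for every enabled mapping on the router."""
    for m in map(parse_mapping, responses):
        if m["NewEnabled"] != "1":               # disabled entries forward nothing
            continue
        host, port = m["NewInternalClient"], int(m["NewInternalPort"])
        where = f'{m["NewProtocol"]} {m["NewExternalPort"]} -> {host}:{port}'
        if host not in known_hosts:
            yield ("high", f"{where}: target is not in your inventory")
        elif port in SENSITIVE:
            yield ("high", f"{where}: exposes {SENSITIVE[port]} on {known_hosts[host]}")
        else:
            yield ("info", f"{where}: opened by {known_hosts[host]}")

def sample_response(*values):
    """Build a constructed response (not captured from a real router)."""
    body = "".join(f"<{k}>{v}</{k}>" for k, v in zip(FIELDS, values))
    tag = "u:GetGenericPortMappingEntryResponse"
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            f'<{tag} xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">{body}</{tag}></s:Body></s:Envelope>')

# Constructed sample data: addresses, ports and descriptions are made up.
SAMPLE = [sample_response(8080, "TCP", 80, "192.168.1.50", 1, "IPCAM", 0),
          sample_response(3074, "UDP", 3074, "192.168.1.20", 1, "console", 0),
          sample_response(2323, "TCP", 23, "192.168.1.77", 1, "", 0),
          sample_response(9000, "TCP", 9000, "192.168.1.50", 0, "old", 0)]
INVENTORY = {"192.168.1.50": "hallway camera", "192.168.1.20": "game console"}

if __name__ == "__main__":
    print("\n".join(f"[{s}] {m}" for s, m in audit(SAMPLE, INVENTORY)))
```

Any "high" finding is a mapping to remove in the router's administrator page, and a reason to turn off automatic port opening on the device that created it.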
As evidenced by these recent attacks and techniques, in this increasingly connected world, it goes without saying that the more our homes become “smarter,” the more we have to be smarter about our homes.