Top Internet of Things Daily & Weekly

Vigilantes Are Trying to Secure IoT Devices…by Hijacking Them

@CiscoSecurity: Vigilantes Are Trying to Secure IoT Devices…by Hijacking Them

After Mirai, the scale of the IoT problem became clear, and since the events that took place last winter, hackers have been competing for control of the hundreds of thousands of easily hackable devices open to the Internet.

Ars Technica’s Dan Goodin reports that a new botnet, named Hajime, has been observed hijacking IoT devices using the same password set as Mirai. The goal is to close open protocols like Telnet while using a distributed peer-to-peer network to issue software updates to these vulnerable devices, most of them home routers. So far, the botnet appears to have infected as many as 10,000 vulnerable routers.

According to BleepingComputer, researchers discovered the botnet back in October of last year, but it was unclear at first what the botnet’s purpose was, as it was not sending any DDoS or malicious traffic.

It was then discovered that the botnet’s author was actually closing ports often exploited by other IoT malware, including 23, 7547, 5555 and 5358.

This is in addition to the recently discovered Brickerbot botnet, which appears to take a far less gentle approach: it simply wipes the firmware and boot record of IoT devices, virtually destroying the device or at least making it impossible to use without replacing hardware.

If the goal is to minimize the ongoing damage of Mirai, these efforts, combined with work to sinkhole Mirai command-and-control servers, appear to be working for now.

Dan Goodin with Ars notes that while the intentions of these vigilante hackers may be altruistic in trying to help contain the IoT malware problem, their actions are still very much illegal.
