BrickerBot ‘creator’ claims two million IoT devices have been destroyed

BrickerBot ‘creator’ claims two million IoT devices have been destroyed

Author of malware that bricks devices warned firms to improve security of IoT

BrickerBot, a piece of malware designed to damage insecure IoT devices so badly that they become useless, has now ‘bricked’ as many as two million devices, according to a shady figure claiming to be the malicious code’s author.

A person going by the nickname of ‘Janitor’ made the claim on a hacker discussion board. According to reports by Bleeping Computer, Janitor is a ‘grey hat’ hacker who says they wanted to do something about the insecure nature of IoT-enabled devices on the market. BrickerBot attacks these devices, overwriting their firmware. For their owners, that means reinstalling original firmware from scratch or complete replacement of the device.

In an email to the website, Janitor defended developing the IoT malware, presenting their work as that of taking compromised devices out of circulation.

“If somebody launched a car or power tool with a safety feature that failed nine times out of ten, it would be pulled off the market immediately,” they write.

“I don’t see why dangerously designed IoT devices should be treated any differently and, after the Internet-breaking attacks of 2016, nobody can seriously argue that the security of these devices isn’t important.”

They added that they hoped “regulatory bodies will do more to penalize careless manufacturers, since market forces can’t fix this problem”.

The malware has led to a security advisory by ICS-CERT on the matter. “BrickerBot.1 and BrickerBot.2 exploit hard-coded passwords, exposed SSH, and brute force Telnet,” said the advisory. The malware was originally discovered by researchers at security company Radware.

Read more: Radware discovers Brickerbot, which makes DOS attacks permanent

ICS-CERT has advised companies to audit IoT devices, disable SSH and Telnet access to any devices, and ensure that default passwords are changed. It also said that it would be collating a database of devices that could be affected by the malware “in order to collect product-specific mitigations and compensating controls”.

Edgard Capdevielle, CEO of Nozomi Networks, a company specialising in cyber-security for industrial control systems, told Internet of Business that BrickerBot poses a substantial threat. Were industrial control systems (ICS) components in critical infrastructure to suddenly fail without warning, he said, the wider effects could be significant.

“Industrial automation systems could experience abnormal behavior or event outages. In addition, identifying issues, fixing them, and getting systems back up and running could be lengthy and expensive,” he said.

“Operators should implement the mitigations recommended by ICS -CERT, which includes verifying that their control systems are deployed securely and that no devices have an Internet accessible configuration. In addition, as the US Department of Homeland Security recommends, they should use network behavioral analysis to detect anomalies in traffic and take appropriate action on those anomalies,” he added.

Read more: Malwar! Hajime IoT botnet fights back against Mirai