When is an IoT Botnet not an IoT Botnet?

23rd November 2016
Posted By : Anna Flockett
When is an IoT Botnet not an IoT Botnet?

IoT botnets continue to make news, with new strains of malware infecting a range of internet-connected devices and then using those devices to participate in historically large distributed denial of service (DDoS) attacks.

Guest blog by Mychal McCabe.

By some estimates the Mirai strain of malware has infected over one million devices since it emerged, with more to come following its release to the public last month. If you are following this trend and haven’t heard of Bashlight or the Linux/IRCTelnet derivative of Aidra, give it time. Linux/IRCTelnet is said to have infected 3500 devices in the five days since it launched.

While the impact of these attacks and the challenges that they represent are very real, it’s worth asking if these attacks are actually leveraging the Internet of Things. Specifically: the IoT as we’ve come to understand it these last few years: a system of systems connecting edge and cloud, with northbound data and southbound control moving freely across the topology alongside virtualised applications and value added services.

The list of effected devices cited in coverage of the attacks is relatively small and includes wireless gateways, cellular routers, and internet-connected DVRs, printers, and web cameras. With few exceptions these devices have been around for a long time. To describe them as IoT devices is to miss the point of IoT in a rush for relevant headlines and the clicks that come with them. They are IoT devices only to the extent that long time embedded device developers will claim to have been doing IoT for decades.

The culprits responsible for compromising these devices are the usual ones: firmware that is either buggy, out of date, or both. Default device credentials that have not been reset by end users or operators. Ease of use or lack thereof is cited as a primary reason why non-expert users have not updated their firmware.

While this list is entirely familiar to people concerned with security, it should also give pause and prompt some genuine soul searching as embedded evolves toward its IoT future. With more of what we make becoming connected, with the drive to bring autonomy to more of what we make, the stakes for security will only become higher.

Courtesy of Wind River.


You must be logged in to comment

Write a comment

No comments




Sign up to view our publications

Sign up

Sign up to view our downloads

Sign up

Girls in Tech | Catalyst | 2019
4th September 2019
United Kingdom The Brewery, London
DSEI 2019
10th September 2019
United Kingdom EXCEL, London
EMO Hannover 2019
16th September 2019
Germany Hannover
Women in Tech Festival 2019
17th September 2019
United Kingdom The Brewery, London
European Microwave Week 2019
29th September 2019
France Porte De Versailles Paris