Last year, the IoT botnet Mirai was used in a number of high-profile DDoS (distributed denial of service) attacks, taking advantage of hundreds of thousands of insecure Linux-based IoT devices. In recent weeks, a new strain of IoT malware has emerged, with a different and potentially dangerous new purpose.
Dubbed Brickerbot, the malware seeks out vulnerable Linux devices, accesses them and then executes a series of instructions that corrupts storage, disrupts Internet connectivity and inihibits kernel operations, rendering the device useless, or "bricked." Brickerbot works much like Mirai, scanning for devices that still have their default user names and passwords.
As Mirai's effectiveness underscores, far too many end users simply forget, don't know how, or don't care to take the simple security step of changing their devices' defaults.
Security firm Radware discovered Brickerbot in March, when the malware targeted devices in a honeypot Radware maintains for security research purposes.
Since then, speculation has centered on the motivations of Brickerbot's author or authors. One popular hypothesis finds Brickerbot to be a form of vigilantism. In other words, by proactively destroying unsafe devices, the likes of Mirai will be inhibited.
Brickerbot's creator(s) haven't publicly stated their motivations, and it's possible their intents are solely malicious. But if vigilantism is the goal, that's inexcusable, says Constellation Research VP and principal analyst Steve Wilson.
"Some hackers have god complexes," he says. "The very words 'white hat' and 'black hat hackings betray a blurred morality where one way or another people take the law into their own hands."
"Who makes the judgement that a device is insecure? It's not black and white," Wilson adds. "Where is the risk assessment that a vulnerable device that might malfunction is worse that a bricked device that will actually malfunction?"
Indeed, as a post on Network World notes, applied unchecked malware like Brickerbot could have fatal consquences:
Imagine driving down the road and having your car’s computer bricked. ... At some point, lives will be lost and people maimed. An uncontrolled botnet seeking to protect us all from badly designed devices will brick the wrong one—or dozens of them.
IoT device manufacturers, eager to get their products to market as quickly and cheaply as possible, bear much of the responsibility for the current threat landscape.
"I am outraged by the parlous state of IoT security," Wilson says. "It is appalling that devices which never were computers are foisted on consumers with unapprehended complexities and inadequate computer security. We need to see action on the part of consumers, to demand proper security. Consumer affairs regulators need to act to ensure device quality is fit for purpose. Manufacturers need to be held accountable for damages caused by faulty products."
"The last thing we need is vigilantism," Wilson says. "By all means expose, names and shame culpable product companies but don't take the law into your own hands."
24/7 Access to Constellation Insights
Subscribe today for unrestricted access to expert analyst views on breaking news.