Slashdot Mirror


A Sophisticated Grey Hat Vigilante Protects Insecure IoT Devices (arstechnica.com)

Ars Technica reports on Hajime, a sophisticated "vigilante botnet that infects IoT devices before blackhats can hijack them." Once Hajime infects an Internet-connected camera, DVR, or other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems." But unlike the bare-bones functionality found in Mirai, Hajime is a full-featured package that gives the botnet reliability, stealth, and resilience that's largely unparalleled in the IoT landscape...

Hajime doesn't rashly cycle through a preset list of the most commonly used username/password combinations when trying to hijack a vulnerable device. Instead, it parses information displayed on the login screen to identify the device manufacturer and then tries the combinations that manufacturer uses by default... Also, in stark contrast to Mirai and its blackhat botnet competitors, Hajime goes to great lengths to maintain resiliency. It uses a BitTorrent-based peer-to-peer network to issue commands and updates. It also encrypts node-to-node communications. The encryption and decentralized design make Hajime more resistant to takedowns by ISPs and Internet backbone providers.

Pascal Geenens, a researcher at security firm Radware, watched the botnet attempt 14,348 hijacks from 12,000 unique IP addresses around the world, and says "If Hajime is a glimpse into what the future of IoT botnets looks like, I certainly hope the IoT industry gets its act together and starts seriously considering securing existing and new products. If not, our connected hopes and futures might depend on...grey hat vigilantes to purge the threat the hard way."

And long-time Slashdot reader The_Other_Kelly asks a good question. "While those with the ability and time can roll their own solutions, what off-the-shelf home security products are there, for non-technical people to use to protect their home/IoT networks?"

4 of 143 comments

  1. Goddamit I got mod points ... by CaptainDork · Score: 2, Interesting

    ... but the comments, so far, are not of value to those who want some red meat.

    "While those with the ability and time can roll their own solutions, what off-the-shelf home security products are there, for non-technical people to use to protect their home/IoT networks?"

    I gotta think of everything?

    Hire this genius to make blister-pak retail-ready solutions available to everyone.

    Inject the goddam thing by remote to protect it.

    There's gold in them thar hills, I tell yun.

    --
    It little behooves the best of us to comment on the rest of us.
  2. Not a permanent solution. by Gravis+Zero · Score: 4, Interesting

    The problem with this solution is that the companies are not getting the negative financial feedback (punishment) that they need to correct their behavior.

    I've said it before but it's worth repeating.

    IoT vendors will only secure their devices after it starts costing them money or they are legally required to do so.

    The best option is to hijack the IoT devices to DDoS their makers because it creates a direct feedback loop. The more insecure devices they sell, the more it will cost them to host their company's website(s). For extra points, only target their parent company. ;)

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Not a permanent solution. by Highdude702 · Score: 5, Interesting

      I'm normally 100% against DDoS. But this actually sounds like it might hurt. Bot finds device info, loads up the IP for the company whose product it is, fires off many UDP and ICMP packets at those IPs until the internet is pulled.

  3. Re:He's not protecting devices by moeinvt · Score: 4, Interesting

    " As long as he doesnt(sic) have ddos capability and doesnt turn to nefarious purposes hes doing everybody a favor,"

    Max Butler thought he was doing everyone a favor when he created a worm to patch a security flaw in BIND. No nefarious intent or purposes. Doing something which merely accesses a system, especially a government system, is considered a criminal act however. The Feds don't accept the argument: "Just a white hat, securing some systems." They came down hard on him and he ended up in prison.
    The person or people who did this better remain anonymous, especially if the botnet touched any government hardware.