A New Worm Proves That the Internet of Things Is Vulnerable to Attack
One of the basic technologies that enables what we often refer to as the Internet of Things is embedded Linux, a version of Linux that runs on machines that aren’t computers in the traditional sense. A lot of the new “smart” devices joining Wi-Fi networks in the home and office are running some variant of it, as are a lot of those home Wi-Fi routers themselves.
Researchers at security-software company Symantec say they’ve found a worm that proves that, eventually, these devices may be ripe for attack. It’s called Linux.Darlloz, and it appears to have been built to infect versions of Linux found in home routers, TV set-top boxes and security cameras, and also some industrial-control systems.
Writing for Symantec’s corporate blog, researcher Kaoru Hayashi says the worm targets versions of Linux running on Intel and other x86 chips, but there are already variants that target Linux on other chips, including ARM, PowerPC and MIPS.
If you’ve ever set up a home router, then you’ve encountered the “hidden” operating systems running on these devices. The worm is designed to take advantage of an 18-month-old vulnerability in the OS that presents a Web interface to users for setting it up. These systems will often have basic user names and passwords like “admin” and “12345,” and the worm tries several known combinations of these, if any are required.
If it encounters a vulnerable target, the worm downloads itself from a host server and then executes. Once it does that, it creates the file directories it’s going to use, and then seeks to cut off remote access to the now-infected machine by killing Telnet and other processes that may be running. Then it deletes a lot of other files.
And then it starts looking for a way to spread itself again. It does this by generating random IP addresses. If one of those addresses on the network turns out to be reachable, it then starts looking for directories that indicate if that original vulnerability is present, and the whole process starts over.
Hayashi says the worm doesn’t seem to do much now beyond propagating itself, and, indeed, attacks against non-PC devices haven’t yet been observed. But it could represent a troubling indicator of things to come, as more smart devices are joining networks every day. There’s only so much that a hacker might learn from infecting, say, your Wi-Fi-enabled scale, but try to imagine what kinds of bad things could result from your home-security camera becoming infected. Or worse, the lock on your front door.
It’s the same sort of fear that was raised when the Stuxnet worm, thought to have been created in a joint operation by the CIA and Israeli intelligence, burrowed its way into industrial-control systems at nuclear-research facilities in Iran. In one famous case, nuclear centrifuges were made to spin too fast and ultimately explode, while systems monitoring their status indicated that everything was normal.
Researchers have long worried that criminals and other troublemakers would study the basic ideas of Stuxnet and adapt the techniques used to wreak havoc on the home front. Though they’re different in many ways, it’s not too much of a stretch to say that the same fundamental principles could be at work here.
In the case of this worm, home users may never know that their devices are infected. And even if they do, Hayashi worries that the original vendors may not offer software updates to patch the vulnerability. Some of the devices, he writes, are even too old to accept new software in the first place. Be a little worried.