Announcement

Collapse
No announcement yet.

A new strain of IoT malware can survive a reboot

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    A new strain of IoT malware can survive a reboot

    Seems specific to GNU/Linux machines:

    https://boingboing.net/2018/05/09/boot-persistence.html

    Minimal info in the article, but something to watch for.
    Kubuntu 24.11 64bit under Kernel 6.11.4, Hp Pavilion, 6MB ram. Stay away from all things Google...

    #2
    Sure is.
    The IoT devices come in many configurations, some burned in and some changeable. If they have a persistent Linux OS installed the ability to download an exploit would be easy. Many come configured with the name "admin" and the password "admin", or something similar. The mfgrs expect the user to login into their device via an HTML interface much like that on a wifi router and change the admin name and password. Most do not.

    There is a tool that allows you to search for a variety of online devices, including IoT's. It is called shodan. With it you can search for specific devices (not just IoT's) and/or specific ports. A mediocre video which demonstrates some of Shodan's abilities is here. You can sign up for free. Searches will allow you access to TWO pages of results. If you want more you have to pay.

    It shows unsecured webcams in and around people's homes, printers connected to routers, and even computers setting at a login screens, especially if they are using a cable and not the wifi. You could be watching someone log in and use his computer without him knowing about it. So, if Shodan is available to ordinary users like you and I, how powerful do you think the tools used by government hackers are?


    EDIT:
    If you want to play with shodan on your CLI then you'll need to create an account and then get your api_key. Store it in a file. Then install python-pip from the repository. Then

    pip install shodan

    When it is done it will tell you that your pip is out of date and to do

    pip install --upgrade pip

    to install the latest version, 10.1.

    Then you have to initialize shodan

    shodan init (your api_key here)

    You can see the basic commands with

    shodan --help
    Last edited by GreyGeek; May 09, 2018, 05:50 PM.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    Comment

    Working...
    X