The IoT of bricks: Someone is bricking insecure IoT devices
I can’t justify the vigilantism, but someone is bricking vulnerable IoT devices. I ponder the morality of it all. It’s called BrickerBot. It finds IoT devices with dubious security and simply bricks/disables them.
Insecure dishwashers, teapots, refrigerators, security cameras – all become part of vast botnets. The botnets can do many things, and we’ve seen them become the armies behind the largest internet attacks in history. How to cleanse these devices has become the crux of many cries, including numerous ones in this space.
No one’s gone to jail for building the devices – but then no one’s gone to jail for building the botnets from these devices. Why? We have no vendor liability. Instead, organizations can design and implement the crappiest software on the planet, and they’re highly unlikely to be punished. And so it continues.
Can bricking unsafe IoT devices work? Yes. It disables them and forces firmware updates – if the updates can even be done in the first place – because there were updates available. Civilians who purchased IoT-enabled devices have no clue how to do this. Perhaps one in 100 might be able to follow useful instructions – or even be motivated to update the firmware on their IoT devices.
Most people with infected devices don’t even know it. Hey, Marge, did you know the refrigerator’s been assaulting Level 3 again?
The danger of vigilante bricking of IoT-enabled devices
But I want to run a chill down your spine, and it’s the motivation for writing this.
We can start with BMW and Volkswagen AG, and then cite Jeep, Ford, and more. Imagine driving down the road and having your car’s computer bricked. Maybe you were doing 70. Or maybe someone drives the maze of a parking garage, merrily bricking cars.
Your vehicle is vulnerable! We must brick it!
Similar attacks on radio key fobs have allowed access by hackers to Mercedes, BMWs and even Toyota Priuses. Do you honestly think your key fob has a PKI certificate being broadcast to the door lock of your car?
The automotive IoT risks being equally vulnerable. Worse, the privacy components will rat you out.
- You were speeding.
- You drive in seedy neighborhoods.
- You follow too closely.
- You put makeup on in your car.
- You fibbed to the insurance company about how many miles you drive per year.
- Here’s a list of all the text messages you transcribed while driving.
- You logged 17,215 left turns without using a turn signal. Upload?
- Your warranty is now void due to excessively late oil changes.
- This is JeEp RaNsOmEwArEz!!! Insert Apple Pay Now or in 60 seconds we stop your ignition!!
My great fear is for the unsuspecting public. Now their refrigerator’s acting wonky. It was the teapot yesterday. The vacuum cleaner has been trying to break into the garage again. Why?
Bricking bots are not the way to go. They will cause damage. At some point, lives will be lost and people maimed. An uncontrolled botnet seeking to protect us all from badly designed devices will brick the wrong one – or dozens of them.
This is why we can’t have nice things. Oh, and some of the makers, such as Garadget, are just plain grouchy.
The post The IoT of bricks: Someone is bricking insecure IoT devices appeared first on McAfee Blogs.