Back in October 2016 we experienced the Mirai botnet malware, which leveraged the use of weak credentials, particularly passwords – usually guessing the default passwords which manufacturer’s ship devices with. The solution? Easy, just update your password!
After Mirai, we were introduced to Persirai, a more advanced version of Mirai, likely to have evolved due to the Mirai code being made public. Persirai has aggressive features by exploiting a zero-day vulnerability to steal the password file from an IP camera regardless of password strength.
More recently, Reaper, another flavour from the same family but lot more vicious than its predecessors, infected more than million devices and counting.
We now have Satori (Japanese Buddhist term for awakening) – same family, zero-day powers, infected 280,000 devices in 12 hours including home routers. Experts say Satori can proliferate rapidly making it an IoT worm. If it continues it will be massive, and security researchers fear it can launch disastrous attacks at any time.
To prevent your IoT devices being victims of malware and causing disruption to your business and beyond, organizations need to deploy strong security that focuses on the weak credentials and software vulnerabilities. It’s important to change passwords regularly, but also ensure they are encrypted. To address Reaper and Satori now, we need secure software and firmware patch updates as soon as the they become available.
KeyScaler provides superior protection from weak credentials and vulnerabilities through its automated password management, and secure over-the-air (OTA) solution, which:
KeyScaler provides protection for enterprise devices and applications with automated PKI certificate lifecycle management. Device Authority is working with ecosystem partner Comodo to address IoT botnet issues from the first stage in the IoT device journey – manufacturing of the device.
Are you a device manufacturer who would like to offer their customers superior products built with robust security?
Are you worried about the financial and brand damage of an IoT botnet recruiting your devices?
In our earlier blog, we discussed the reasons why IoT Security needs a customer centric approach. This blog will follow on and explore the importance of having a strong device identity and integrity, which are the new perimeter for IoT. We will look at why we must combine device and user dimensions for device centric IoT Identity and Access Management (IAM) and why IoT devices are the weak link in the IoT Ecosystem.
