420,000 node botnet made from insecure embedded devices


Map showing the concentration of infected devices across the globe

There are a lot of devices connected to the Internet. While most people think about their computers, tablets, and phones, many don’t think about the various embedded devices that are also connected. From routers to printers to thermostats, there’s a lot of devices talking online. Unfortunately, many of them are also listening online, and many vendors don’t do a good job securing these devices. Combine that with the recent outbreak of Java vulnerabilities, and it’s a recipe for disaster.

One security “researcher” attempted to map the IPv4 address space of the Internet. He did this by exploiting vulnerabilities in various embedded devices online. Using the Nmap Scripting Engine, he was able to push attack code onto vulnerable systems, then use those systems to help with the mapping efforts. The above picture is a visual representation of where the bots lived. Interestingly, the United States had only a single red dot (indicating over 2,000 exposed devices), whereas other parts of the world like China and India, had more and even Turkey had a red dot within their borders.


Map showing the 460 Million IP addresses that responded to ICMP ping requests or port scans

One of the design decisions of the “researcher” was to be nice to targeted hosts. As such, he didn't make any permanent changes to the infected machines (i.e., rebooting the device would restore it to normal), limited the number of connections the device was allowed, and did not scan/snoop any traffic on internal networks.

While the information is interesting to read through, and the “researcher” claims that he did no harm, we can’t condone his actions. Although it does highlight the insecurity of the Internet as a whole, and many of the attacks were nothing more than guessing default username/password combinations, the unauthorized use of a device is still a crime. That said, we hope this is a wake-up call for companies to increase the base security of their embedded devices.

Source: Anonymous posting on Bitbucket | Images from research, posted on Bitbucket

Previous Story
NBA player Grant Hill stars in latest Windows Phone TV ad
Next Story
Dell: "Uncertain adoption" of Windows 8 is part of its reason to go private