We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

IoT VILLAGE - Worms that fight back: Nematodes as an antidote for IoT malware

10
 Zitieren
 Teilen
 Herunterladen
 Bestellen
Kein Logo verfügbarDEF CON
 Wixey, Matt

Formale Metadaten

Titel
IoT VILLAGE - Worms that fight back: Nematodes as an antidote for IoT malware
Serientitel
Anzahl der Teile
322
Autor
Lizenz
CC-Namensnennung 3.0 Unported:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
Identifikatoren
Herausgeber
Erscheinungsjahr
Sprache

Inhaltliche Metadaten

Fachgebiet
Genre
Abstract
Nematodes, often called “anti-worms” or “beneficial worms”, are a controversial topic. They involve exploiting the same vulnerabilities used by malicious worms, but, rather than installing malware or being used to form a botnet, nematodes attempt to disinfect and patch the vulnerable host. In some variants, nematodes also try to perform some kind of beneficial action, such as compressing files, or reporting illegal content to law enforcement. Despite being brought up a few times in previous talks and papers, nematodes remain largely on the fringes of the security community’s consciousness. Perhaps part of the reason for this is the demise of traditional network worms – after all, it’s not 2004 any more – and perhaps, for good reason, most people think the idea usually doesn’t work in practice, or has significant legal implications. However, there has recently been a trend of wormable vulnerabilities which utilise rather different mediums – such as WiFi (Broadpwn), Bluetooth (BlueBorne), light (smart lightbulbs), RFID tags, and more - and, of course, a huge number of wormable vulnerabilities in a wide range of IoT devices. The rise of these, and the fact that IoT security issues are not easily resolvable with patching, antivirus solutions, and other security mechanisms, may make it worth re-opening the nematode debate. In this talk, I’ll consider whether it actually is worth doing so, given that we could be on the threshold of an era involving new and devastating types of worms. Along the way, I’ll cover the history of nematodes and take a journey back in time with some 'digital paleovirology', starting with the murky history of Creeper, Reaper and PERVADE in the 1970s, then moving on to Brain and Denzuko in 1986; ADM and Max Vision in 1998; PolyPedo in 2001; the ‘worm wars’ of 2003-2004; and right up to the present day battles between IoT botnets such as Mirai with IoT nematodes such as Hajime and Brickerbot. I’ll also cover the legal and ethical issues posed by nematodes; the challenges and benefits they can bring; and will present some demos of custom nematodes. These include custom-developed worms and corresponding nematodes for both a recent web application vulnerability and an IoT device, and an improved and updated alternative to the PolyPedo worm. I'll also discuss 'Antidote', an in-progress and experimental modular framework for deploying and configuring anti-worms based on recent exploits and attack techniques. Finally, I'll outline some ideas for future research in this area.