
IoT VILLAGE - Worms that fight back: Nematodes as an antidote for IoT malware

Formal Metadata

Title
IoT VILLAGE - Worms that fight back: Nematodes as an antidote for IoT malware
Title of Series
Number of Parts
322
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Nematodes, often called “anti-worms” or “beneficial worms”, are a controversial topic. They involve exploiting the same vulnerabilities used by malicious worms, but, rather than installing malware or being used to form a botnet, nematodes attempt to disinfect and patch the vulnerable host. In some variants, nematodes also try to perform some kind of beneficial action, such as compressing files, or reporting illegal content to law enforcement. Despite being brought up a few times in previous talks and papers, nematodes remain largely on the fringes of the security community’s consciousness. Perhaps part of the reason for this is the demise of traditional network worms – after all, it’s not 2004 any more – and perhaps, for good reason, most people think the idea usually doesn’t work in practice, or has significant legal implications. However, there has recently been a trend of wormable vulnerabilities which utilise rather different mediums – such as WiFi (Broadpwn), Bluetooth (BlueBorne), light (smart lightbulbs), RFID tags, and more - and, of course, a huge number of wormable vulnerabilities in a wide range of IoT devices. The rise of these, and the fact that IoT security issues are not easily resolvable with patching, antivirus solutions, and other security mechanisms, may make it worth re-opening the nematode debate. In this talk, I’ll consider whether it actually is worth doing so, given that we could be on the threshold of an era involving new and devastating types of worms. Along the way, I’ll cover the history of nematodes and take a journey back in time with some 'digital paleovirology', starting with the murky history of Creeper, Reaper and PERVADE in the 1970s, then moving on to Brain and Denzuko in 1986; ADM and Max Vision in 1998; PolyPedo in 2001; the ‘worm wars’ of 2003-2004; and right up to the present day battles between IoT botnets such as Mirai and IoT nematodes such as Hajime and Brickerbot.
I’ll also cover the legal and ethical issues posed by nematodes; the challenges and benefits they can bring; and will present some demos of custom nematodes. These include custom-developed worms and corresponding nematodes for both a recent web application vulnerability and an IoT device, and an improved and updated alternative to the PolyPedo worm. I'll also discuss 'Antidote', an in-progress and experimental modular framework for deploying and configuring anti-worms based on recent exploits and attack techniques. Finally, I'll outline some ideas for future research in this area.