The IoT botnet wars, Linux devices, and the absence of basic security hardening

Cite

Chaos Computer Club e.V.

Moseley, Drew

Formal Metadata

Title

The IoT botnet wars, Linux devices, and the absence of basic security hardening

Title of Series

All Systems Go! - The Userspace Linux Conference 2017

Number of Parts

Author

Moseley, Drew

Contributors

All Systems Go!

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/37953 (DOI)

Publisher

Chaos Computer Club e.V.

Release Date

2017

Language

English

Producer

All Systems Go!

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

We will discuss the various malware infecting Linux IoT devices including Mirai, Hajime, and BrickerBot and the vulnerabilities they leverage to enslave or brick connected devices. We will walk the audience through specific vectors they used to exploit devices and cover some basics in security hardening that would have largely protected from many of the widespread malware. Some of the fundamental security concepts we will cover include: Closing unused open network ports Intrusion detection systems Enforcing password complexity and policies Removing unnecessary services Frequent software updates to fix bugs and patch security vulnerabilities We will also delve into the arguments and counter-arguments of vigilante hacking with Hajime and BrickerBot as examples and the potential long-term consequences in this new age of connected devices.