
IoT VILLAGE - Worms that fight back: Nematodes as an antidote for IoT malware

Formal Metadata

Title
IoT VILLAGE - Worms that fight back: Nematodes as an antidote for IoT malware
Title of Series
Number of Parts
322
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Nematodes, often called “anti-worms” or “beneficial worms”, are a controversial topic. They involve exploiting the same vulnerabilities used by malicious worms, but, rather than installing malware or being used to form a botnet, nematodes attempt to disinfect and patch the vulnerable host. In some variants, nematodes also try to perform some kind of beneficial action, such as compressing files, or reporting illegal content to law enforcement. Despite being brought up a few times in previous talks and papers, nematodes remain largely on the fringes of the security community’s consciousness. Perhaps part of the reason for this is the demise of traditional network worms – after all, it’s not 2004 any more – and perhaps, for good reason, most people think the idea usually doesn’t work in practice, or has significant legal implications. However, there has recently been a trend of wormable vulnerabilities which utilise rather different mediums – such as WiFi (Broadpwn), Bluetooth (BlueBorne), light (smart lightbulbs), RFID tags, and more - and, of course, a huge number of wormable vulnerabilities in a wide range of IoT devices. The rise of these, and the fact that IoT security issues are not easily resolvable with patching, antivirus solutions, and other security mechanisms, may make it worth re-opening the nematode debate. In this talk, I’ll consider whether it actually is worth doing so, given that we could be on the threshold of an era involving new and devastating types of worms. Along the way, I’ll cover the history of nematodes and take a journey back in time with some 'digital paleovirology', starting with the murky history of Creeper, Reaper and PERVADE in the 1970s, then moving on to Brain and Denzuko in 1986; ADM and Max Vision in 1998; PolyPedo in 2001; the ‘worm wars’ of 2003-2004; and right up to the present day battles between IoT botnets such as Mirai with IoT nematodes such as Hajime and Brickerbot. 
I’ll also cover the legal and ethical issues posed by nematodes; the challenges and benefits they can bring; and will present some demos of custom nematodes. These include custom-developed worms and corresponding nematodes for both a recent web application vulnerability and an IoT device, and an improved and updated alternative to the PolyPedo worm. I'll also discuss 'Antidote', an in-progress and experimental modular framework for deploying and configuring anti-worms based on recent exploits and attack techniques. Finally, I'll outline some ideas for future research in this area.