The IoT botnet wars, Linux devices, and the absence of basic security hardening
2017-10-21, 11:45–12:25 (UTC), Galerie

We will discuss the various malware infecting Linux IoT devices including Mirai, Hajime, and BrickerBot and the vulnerabilities they leverage to enslave or brick connected devices. We will walk the audience through specific vectors they used to exploit devices and cover some basics in security hardening that would have largely protected from many of the widespread malware.

Some of the fundamental security concepts we will cover include:

Closing unused open network ports
Intrusion detection systems
Enforcing password complexity and policies
Removing unnecessary services
Frequent software updates to fix bugs and patch security vulnerabilities

We will also delve into the arguments and counter-arguments of vigilante hacking with Hajime and BrickerBot as examples and the potential long-term consequences in this new age of connected devices.


This talk will cover the ongoing battle being waged is leveraging insecure Linux-based Internet of Things (IoT) devices. BrickerBot is an example of a recent malware strain attacking connected devices and causing them to “brick,” making an electronic device completely useless in a permanent denial-of-service (PDoS) attack.

Additionally, the Mirai botnet consisted of connected printers, IP cameras, residential gateways, and baby monitors that flooded DNS servers. Mirai was behind the largest DDoS attack of its kind ever in October 2016, with an estimated throughput of 1.2 terabits per second. It leveraged these enslaved devices to bring down large portions of the internet, including services such as Netflix, GitHub, HBO, Amazon, Reddit, Twitter, and DIRECTV. BrickerBot’s goal appears to counter Mirai’s: Bricking insecure Linux devices so that malware such as Mirai can’t subjugate these devices in another DDoS attack. We will take an in-depth look at the anatomy of the attack.

We will then dive into basic some security hardening principles which would have helped protect against many of these attacks. Some of the fundamental security concepts we will cover include:

Closing unused open network ports
Intrusion detection systems
Enforcing password complexity and policies
Removing unnecessary services
Frequent software updates to fix bugs and patch security vulnerabilities