Information Security for the “Internet of Things”

As a technology professional and a futurist, I enjoy thinking about the next step in the evolution of how we use technology. One of the prominent theories for that next leap is dubbed the “Internet of Things”. The Internet of Things is a world where everything, from your house, to your microwave, to your car, is “smart”, connected to the internet, and controllable by a computer. Many of the prerequisites are already in play: IPv6, open hardware like Arduino, and RFID technology have laid the building blocks for more devices than ever before to be identifiable nodes on the internet. Smartphones have given you the remote control 2.0, an internet device carried by virtually every human being in the developing world with a wide array of uses. Wireless internet is expanding: 4G, Wi-Fi hotspots, and projects like Google Loon will give you access to the hyper-expanding network from virtually anywhere on the planet.

A lot of the new “smart” devices joining Wi-Fi networks add new conveniences to our lives, but could also be opening us up to new vulnerabilities. I heard of a new one while reading a blog post by Arik Hesseldahl.

In his article, Arik states that researchers at security-software company Symantec say they’ve found a worm that is capable of attacking embedded Linux, a version of Linux that runs on certain types of smart devices. The worm is called Linux.Darlloz, and it appears to have been built to infect versions of Linux found in home routers, TV set-top boxes and security cameras, and also some industrial-control systems.

Writing for Symantec’s corporate blog, researcher Kaoru Hayashi says the worm targets versions of Linux running on Intel and other x86 chips, but there are already variants that target Linux on other chips, including ARM, PowerPC and MIPS.

The worm is designed to take advantage of an 18-month-old vulnerability in the OS that presents a Web interface to users for setting it up. These systems will often have basic user names and passwords like “admin” and “12345,” and the worm tries several known combinations of these if any are required. If it encounters a vulnerable target, the worm downloads itself from a host server and then executes. Once it does that, it creates the file directories it’s going to use, and then seeks to cut off remote access to the now-infected machine by killing Telnet and other processes that may be running. Then it deletes a lot of other files.

And then it starts looking for a way to spread itself again. It does this by generating random IP addresses. If one of those addresses on the network turns out to be reachable, it then starts looking for directories that indicate if that original vulnerability is present, and the whole process starts over.
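The propagation step described above leaves a recognizable footprint on a home or office network: one local device contacting many distinct outside addresses in a short time, with most attempts failing. The following sketch is an added example, not code from Symantec or from the article; the flow-record format, the LAN range, the thresholds and the sample records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

def sample_flows():
    """Constructed flow records: 'epoch src dst dst_port status' (ok|fail)."""
    lines = ["garbage line"]  # malformed input must be skipped, not crash
    for i in range(40):
        # Device sweeping many addresses; documentation-range IPs stand in
        # for the random targets, and most connection attempts fail.
        status = "ok" if i % 13 == 0 else "fail"
        lines.append(f"{1200 + i} 192.168.1.50 198.51.100.{i + 1} 80 {status}")
        # Laptop talking to the same four servers, all successful.
        lines.append(f"{1200 + i} 192.168.1.20 203.0.113.{i % 4 + 1} 443 ok")
    return lines

def find_scanners(lines, lan="192.168.1.0/24", window=60,
                  min_dsts=25, min_fail_ratio=0.8):
    """Return {src: (distinct_dsts, fail_ratio)} for LAN hosts that, within one
    fixed window, contact many distinct outside addresses with mostly failures."""
    net = ip_network(lan)
    buckets = defaultdict(lambda: {"dsts": set(), "fail": 0, "total": 0})
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, _port, status = parts
        try:
            if ip_address(src) not in net or ip_address(dst) in net:
                continue  # only outbound flows from local devices
            key = (src, int(ts) // window)
        except ValueError:
            continue
        b = buckets[key]
        b["dsts"].add(dst)
        b["total"] += 1
        b["fail"] += 1 if status == "fail" else 0
    hits = {}
    for (src, _bucket), b in buckets.items():
        ratio = round(b["fail"] / b["total"], 2)
        if len(b["dsts"]) >= min_dsts and ratio >= min_fail_ratio:
            if src not in hits or len(b["dsts"]) > hits[src][0]:
                hits[src] = (len(b["dsts"]), ratio)
    return hits

if __name__ == "__main__":
    for src, (dsts, ratio) in find_scanners(sample_flows()).items():
        print(f"{src}: {dsts} distinct destinations, {ratio:.0%} failed")
```

Fixed time buckets are a simplification: a sweep that straddles a bucket boundary is split in two, so a sliding window would be the more robust choice on real router or firewall logs.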

Hayashi says the worm doesn’t seem to do much now beyond propagating itself, and attacks against non-PC devices haven’t yet been observed. That said, as more of our appliances and houses become “smart”, we have to be mindful of the possibility of harm. Malicious code like this becomes the carrier for more serious hacks.


Details about the worm are from Arik Hesseldahl’s article on AllThingsD.
