There has been a lot of news and hype around the potential of the Mirai botnet to wreak havoc. Unfortunately, that hype appears to be justified. Besides, the attack that took down the Internet service company, Dyn, and in doing so Netflix, Twitter, the BBC, and many other leading websites for a period of time. There have also been reports of it disrupting service for 900,000 Deutsche Telekom customers. And, in total, more 1.5 million devices have been infected by the Mirai botnet over the last few months making the likelihood of future and larger attacks inevitable. To make matter worse, a hacker open sourced the code so that it is now easy to create different strains and infect more devices.
So what is Mirai botnet malware?
Mirai is a malware that infects systems running Linux and converts them into bots – Think of those movies where a subject has been brainwashed and then released back into the populace to pursue a normal life, but with a mission set which his master can trigger with a certain phrase at any time. In this case, it is not to murder the President, but to carry out a DDoS attack – In a DDoS attack, the infected devices are used to flood a server with so many requests for information that it can’t cope and the service goes down.
The Mirai botnet malware is highlighting a problem known about for a while: the lack of security in many IoT devices such as cameras, DVRs, and routers. These devices are typically telnet enabled devices and the ones that were infected had default usernames and passwords. Telnet, although an archaic network protocol, is still used by developers and advanced users to communicate with remote devices.
It may seem like common sense for vendors of cameras and DVRs to use difficult default username and passwords, but unfortunately, many of them do not – Do you remember when you set up the devices and all you had to do was enter, ‘root’ or ‘admin?’ The problem is then made worse because they didn’t say clearly and explicitly enough to you about the dangers of not changing that password, consequently, you didn’t. If you think that it would take high-level of expertise to hack your personal cameras and devices, Mirai botnet used a simple trial and error method with a set of just 60 usernames and passwords to infect millions of devices.
Does it matter?
You may wonder why you should bother when Netflix goes down for certain few minutes or when you face a minor inconvenience when Twitter doesn’t work. All of us have faced network disturbances one time or the other due to patchy internet connections at home. But this is about much more than losing access to a website or services when your IoT devices are infected it means giving power over your thermostat, camera, or lighting to someone else. And not just Mirai: there are search engines such as shodan.io, which scans the public network for all sorts of internet connected devices and if your camera is unprotected or uses a default username/password, anyone in the world can access it.
So what can be done?
Lots of advice out there on the Internet tells you to make sure you have changed your default password. This will help, but it is only part of the solution. Your home network has many devices on it and it is difficult to know which device is affected or vulnerable to infection. Malware is exceptionally flexible and fast-moving meaning you might reset the password, but it gets reinfected by another device. And resetting the password will not be helpful if it has already been infected. Clearly, we need a solution that is capable of protecting your network as a whole, and not only able to detect unsecured devices, but also to identify devices that are already compromised. It should also be consumer-friendly and cost-effective.
With these guiding ideas in mind, we have launched our IoT device security service for our router, Almond 3. As routers are the connection between the outside Internet and all your devices on your local network it makes sense for IoT security software to sit here, making it possible to have a home network solution rather than a device solution. Almond 3, is better equipped to do so than other routers because it is both a router and a smart home hub, with unique knowledge of your WiFi and smart devices only possible because of its dual functionality.
Detecting vulnerable devices
As a first step, we have stripped and analyzed Mirai’s source code to understand how it works and then created a solution which can scan your network for vulnerabilities. When you connect any Internet-enabled device to Almond, a simple scan will tell you whether your device is susceptible to any Mirai type attack by letting you know if it has the default username and password for telnet and Http ports. Furthermore, the scanner will highlight other possible vulnerabilities in your IoT device and suggest possible fixes for them. Almond’s IoT scanner will act like an immune system capable of blocking any device that has been left susceptible, thus keeping your network always safe and secure.
Blocking compromised devices
What if your internal network gets compromised? An infected device inside your network can infect other IoT devices such as Amazon Echo or Nest thermostat. What if your Nest camera is making requests to some sites other than nest.com? It is very difficult to figure out whether the innocent looking thermostat in your home is compromised and is sending its data to places, where it shouldn’t. Worry not – having both router and a home automation hub along with a robust machine learning algorithm in our Almond, we have a solution! We analyze the outbound traffic from your IoT devices and catch any abnormality in their behavior. Almond will generate an alert in such a scenario and a user can choose to block the device and take corrective action.
At launch, this functionality will be available for around 20 of the most popular IoT and connected devices, like Nest, Amazon Echo, Wink, Smartthings, Hue, and more. An Almond user can easily observe the outbound activity happening in such devices from easy to use Almond App and learn more about what to do in case the device is compromised. We will expand this top 20 list to cover 100’s of devices in the future.
Browsing history classification
Almond 3 will keep track of web browsing history for all Wi-Fi devices connected to the network. Parents can then check the types of websites their children visit (e.g. General, PG, Restricted) and talk to them around their surfing behavior. Surveys indicate that a discussion based approach is more successful than blocking access to such websites, outright. This service is purely optional and is turned off by default.
One last thing…
We practice what we preach. In this spirit, we believe that keeping Almond itself safe from such breaches is our prime concern. Unlike traditional routers, our local web server ( router settings you enable by entering the IP address in the web browsers) – A potential entry point for hacker – will only be accessible if it’s enabled from the mobile app.
Securifi is redefining security solutions for routers and will continue to roll out incremental features with each and every update.
One Month Free Trial
IoT security and the web history recording are part of subscription services from Securifi and will be available in Almond 3 from 23rd January 2017 at $3.99/month. Subsequently, the service will be rolled out for Almond 2012, Almond 2015 and Almond+ from 28th February 2017. As an introductory offer, the services will be free for 1 month.
Get an Almond 3
The award-winning Almond 3, is a mesh router and smart hub combined in one. With Almond 3 you can blanket your home with seamless WiFi, connect up all your smart devices, and then control them with voice, buttons or an app.
Already the smartest router on the planet, it is now the most secure consumer router as well. It is the only consumer router capable of protecting your home network against Mirai botnet malware. Learn more.