BrickerBot Malware Attacks IoT Devices Bricking Them Permanently With A PDoS

There are lots of obvious examples of how IoT (Internet of Things) connected and smart devices can enrich our lives. However, as we've noted numerous times over the past year, there are a number of caveats that can also come with them. The glaring issue of course has to do with security, or the lack of it really. And perhaps the absolute lack of ownership certain manufacturers take with it and their products.

terminator nest 626px small

Research firm Radware once helps underscore the glaring need for better IoT security with some hard proof about what we're dealing with. Employing a "honeypot" approach - a system specifically designed to lure exploits - the firm found that IoT attacks are not just on the rise - they're becoming more and more destructive.

We're all familiar with DDoS attacks, those that flood a server with enough traffic to effectively drown it. But did you know about PDoS? It stands for Permanent Denial of Service, and it's just as alarming as it sounds. With the malware Radware dubs "BrickerBot.2," attackers attempt to take advantage of an IoT exploit that will effectively ruin or brick the device, requiring it to be repaired, or perhaps replaced entirely.

brickerbot fig1

Over a mere four-day span, Radware's honeypot encountered a staggering 1,895 PDoS attempts from several locations around the world. If these attacks directly hit a real IoT device, it could have rendered its critical firmware or storage subsystem corrupted. The example above will no doubt make any Unix admin feel a little queasy, as a number generator is used to corrupt all storage and the RAM, and if that fails, storage will attempt to be outright reinitialized, ruining all of the data on the drive.

An attack of this nature wouldn't render a simple IoT device physically destroyed, as the possibility would remain to reflash the product. However, many devices might not be designed for such recovery, and in many cases, it might just be easier to replace it, depending on its overall cost.

Cost isn't the major issue, though. What is, is the fact that these attacks are getting worse. It's not good, but it could bring with it an interesting upside: the more these attacks happen, the more companies are going to be forced to take security more seriously. It's not realistic to expect a market of products where IoT devices are free from some level of security risk. After all, if it's internet connected, it can be hacked. Regardless, there's no reason manufacturers should be seemingly resting on their laurels about this issue, as they are currently.

Tags:  Malware, security, DDoS, IoT