In 2016, an Internet of Things worm called Mirai tore through the internet, building botnets of millions of badly designed CCTVs, PVRs, routers and other gadgets, sending unstoppable floods of traffic that took down major internet services from PayPal to Reddit to Dyn.
Mirai spread by scanning for other IoT devices and then trying default login and password combinations on them, which meant that it could only infect devices whose default passwords had never been changed (this was nearly every device).
But there's a new IoT worm called Reaper (also called "Troop") that augments Mirai's default password tactic with an arsenal of common defects in IoT gadgets, which it exploits to gain control over systems even when the passwords have been changed. In a very short time, Reaper has compromised over a million devices and it's growing fast.
On Friday, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point detailed the new IoT botnet, which builds on portions of Mirai’s code, but with a key difference: Instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further. And while Reaper hasn’t been used for the kind of distributed denial of service attacks that Mirai and its successors have launched, that improved arsenal of features could potentially allow it to become even larger—and more dangerous—than Mirai ever was.
“The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices. The potential here is even bigger than what Mirai had,” says Maya Horowitz, the manager of Check Point’s research team. “With this version it’s much easier to recruit into this army of devices.”
THE REAPER IOT BOTNET HAS ALREADY INFECTED A MILLION NETWORKS