Worm Fixes IoT Security Failures

A security engineer has devised a worm that is able to infect vulnerable IoT (Internet of Things) appliances and change their weak credentials.

Trojan Worm Fixes IoT Vulnerabilities

The software engineer Leo Linksy from the network monitoring company PacketSled has released an interesting piece of code – a Trojan worm that infects IoT appliances with weak security. The code affects those Internet of Things products that run with their default settings, usually meaning very weak username and password combinations. Its goal is to change them to a more secure pair.

This in practice makes the Trojan an anti-worm program that can be used to protect networks against possible hacker intrusion attacks. The code has been devised as an academic research project and is intended as a proof-of-concept.

In theory such tools can be used to reduce the number of attacks. Limited demonstrations were made in a test environment where the code showed that it can be used effectively.

And yet, there are some things about the worm that make it potentially unsafe to use in a production environment:

• Password Change – The worm needs to devise a mechanism that supplies the changed account credentials to the system owners or network administrators. This is an important feature that would allow it to be used for vulnerability assesment and remedy
• Known intent – The Trojan needs to be run against a network when permission is granted. Otherwise it could completely modify the running services and cause disruptions and even damage if the administrators are not aware of its presence and activity

One of the main reasons why people might consider the worm is for proactive assessment of a network where Internet of Things (IoT) products are used.

Such similar worms have been devised in the past. Last year Symantec reported about which hacked thousands of home routers and Internet-connected consumer appliances and applied security patches that amended any discovered vulnerabilities. The program also shuts down the telnet service on all affected devices which protects them from many hacker attacks. This worm also includes a module that specifically protects DVR and CCTV systems made by Dahua by rebooting the appliances once a week which resets the memory and flushes out malware code that might be injected in the systems.

A New Wave Of “Good” IoT (Internet of Things) Worms Might Be upon Us

All of this means that we might see a wave of “positive worms” that would protect rather than compromise our connected appliances. This would be beneficial to IoT (Internet of Things) products as they are one of the most vulnerable consumer and business market segments of Internet-connected electronics. This proof-of-concept worm is merely an example of what would be possible if security researchers took up action against bad security practices.