Malware attacks, including large-scale Distributed Denial of
Service (DDoS) attacks, have made headlines over the last few
weeks. Research has suggested that these attacks have been caused
in part by a number of hacked "Internet of Things" (IoT)
devices, such as CCTV video cameras and digital video recorders.
These devices were affected by Mirai, a malware strain that scans
the Internet for routers, cameras, digital video recorders (DVRs)
and other IoT devices that are protected only by
factory-default passwords. Once these devices are infected with
Mirai, they can be used to overwhelm a target with incredible
amounts of illegitimate traffic, making it difficult, if not
impossible, for legitimate users to access the site.

When we think of a typical IT infrastructure and the devices
that are actively managed by an organization's IT department,
it is easy to forget about devices like CCTV cameras and DVRs.
These devices, however, are widely used in banks, hospitals, and
other industries that could be susceptible to this kind of

What steps can you take to help mitigate the risk of falling
victim to a similar type of attack?

Unfortunately, there is no easy way to tell if your device has
been compromised. However, there are some simple ways to eliminate
the infection in the event your device has been affected:

Conduct a Universal Plug 'n Play
(UPnP) Exposure Test. UPnP is a technology used by many IoT
devices that enables devices to communicate with each other. A
UPnP exposure test runs a scan on your device to determine whether
any of the network ports may be open and vulnerable to incoming

Disconnect the power source. The
Mirai malware strain is housed in the memory of the device. Once
the device is disconnected from its power source, the malware is
removed. Even though disconnecting the power source will wipe the
malware from the device, the high frequency of the scanning
conducted by the infection can lead to the device being re-infected
within minutes of the reboot. A reboot alone is not enough to

Reset the device to the
factory-default settings. If any malware is present on the device,
the factory reset will wipe it permanently.

Change the default device password on
the web interface. Once the device is reset to factory-default
settings, use a Web browser to access the device's
administration panel and change the default password to something
with more complexity. Here are some helpful tips to increase the
security of your password:

Create a unique password that
uses a combination of words, symbols, numbers, and both
uppercase and lowercase letters. Passwords should be at least 8

Do not use any password that remotely
resembles the device's default password.

Do not use your network username as

Do not use words that can easily be
found in the dictionary.

Do not use easily guessed keyboard
combinations, such as "123456" or

Change the default device passwords
for other methods of access, such as telnet or SSH (if enabled).
How often do you access your device using telnet or SSH? Probably
not often. Do you know if your device is accessible using telnet?
Probably not. Telnet and SSH are command-line, text-based
interfaces that are typically accessed via a command prompt. Even
if you have changed the password on the device's Web interface,
the same default password may still be usable by remote users to
access the device using telnet and/or SSH.

If eliminating the infection is relatively easy, preventing
recurrence in a world where devices are constantly being scanned
across a multitude of remote access protocols is the biggest
challenge going forward. While most users are savvy enough to
change the default web interface password they use and know about,
many won't think to change the other methods available on

The Internet of Things has created a world where more and more
everyday objects have network connectivity. In turn, there is an
increased number of vulnerabilities that can be taken advantage of
to marshal attacks on networks, as we saw with recent attacks. Be
mindful of the many devices you use that can be used against you,
and of the relatively immature nature of IoT security.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.