The IoT of bricks: BrickerBot disables insecure IoT devices
I can’t justify the vigilantism, but someone is bricking vulnerable IoT devices. I ponder the morality of it all. It’s called BrickerBot. It finds IoT devices with dubious security and simply bricks/disables them.
Insecure dishwashers, teapots, refrigerators, security cameras—all become part of vast botnets. The botnets can do many things, and we’ve seen them become the armies behind the largest internet attacks in history. How to cleanse these devices has become the crux of many cries, including numerous ones in this space.
No one’s gone to jail for building the devices—but then no one’s gone to jail for building the botnets from these devices. Why? We have no vendor liability. Instead, organizations can design and implement the crappiest software on the planet, and they’re very highly unlikely to be punished. And so it continues.
Can bricking unsafe IoT devices work? Yes. It disables them and forces firmware updates—if the updates can even be done in the first place—because there were updates available. Civilians who purchased IoT-enabled devices have no clue how to do this. Perhaps one in 100 might be able to follow useful instructions—or even be motivated to update the firmware on their IoT devices.
Most people with infected devices don’t even know it. Hey, Marge, did you know the refrigerator’s been assaulting Level 3 again? Read more…