Back in October 2016 we experienced Mirai, which took down popular websites and services including Twitter, Airbnb and Netflix. Mirai leveraged the use of weak credentials, particularly passwords – usually guessing the default passwords which manufacturer’s ship devices with. The solution? Easy, just update your password!
More recently we were introduced to Persirai, a more advanced version of Mirai, likely to have evolved due to the Mirai code being made public. Persirai has aggressive features by exploiting a zero-day vulnerability to steal the password file from an IP camera regardless of password strength.
We now have Reaper, the latest botnet threat, another flavour from the same family but a lot more vicious than its predecessors, already infecting millions of devices and the numbers are growing. While Mirai only exploited devices with default credentials, Reaper exploits several vulnerabilities, making it easier to recruit into this botnet army. Experts are predicting that the potential impact is even bigger than the Mirai and Persirai.
To prevent your IoT devices being victims of malware and causing disruption to your business and home, organizations and consumers need to deploy strong security that focuses on both weak credentials and software vulnerabilities. It’s important to not only change passwords regularly, but also ensure they are encrypted.
To address Reaper now, we need secure software and firmware patch updates, and consumers must adopt the habit of patching their devices as soon as the updates become available.
Device Authority is available to advise and assist those who have IoT security concerns in the wake of Reaper.