With security policies for smart home devices still lacking, the grave fears of cybersecurity researchers are steadily turning into reality. Hackers have gained access to the source code of the IoT botnet Mirai, which caused some of the most recent denial-of-service attacks, and are now exploiting critical flaws in home routers.
Nearly a million routers provided by German internet provider Deutsche Telekom experienced repeated internet connection problems over this weekend due to a new strain of the botnet spotted in the wild. The massive DDoS was not limited to a particular ISP in Germany, however, but was part of a larger attempt to take down wireless internet services across the world, reports The German Office for Information Security. The reach of this malware is said to span countries including the U.K., Brazil, Iran, and Thailand.
"This failure is part of a worldwide attack on selected remote management ports of DSL routers. This was done to infect the attacked devices with malicious software," reads the official statement.
This new strain of Mirai exploited vulnerabilities found in routers manufactured by Zyxel, Speedport, and possibly others. These routers and modems were exploited because their internet port 7547 was left open to outside connections. This opening was possibly used by intruders to send in commands, gain access and add these hardware devices to their already humongous collection of unsecured products, including baby monitors, security cameras, and temperature controllers, among others.
After entering through the unsecured TCP port on these routers, the intruder caused the routers to download a binary file and execute it. This made each infected router search for and further exploit the same vulnerability in its companions, forming a network of infected devices ready to be used in a dedicated attack on websites like Spotify, Twitter, and others that have faced such attacks recently.
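As an added illustration (not from the original article or from any vendor), the following Python example checks a connection log for the two signs described above: devices that accept outside connections on port 7547, and devices that then contact many outside hosts on that same port. The log format, the address range, the threshold and all names are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

MGMT_PORT = 7547      # remote-management port named in the article
SCAN_THRESHOLD = 3    # assumed: distinct outside targets before a device is flagged
LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # assumed monitored range

# Constructed sample log. Assumed format: time src dst dport proto action
SAMPLE_LOG = """\
2000-01-01T10:00:01 198.51.100.7 192.168.1.1 7547 tcp ALLOW
2000-01-01T10:00:02 198.51.100.9 192.168.1.2 7547 tcp DROP
2000-01-01T10:00:05 192.168.1.1 203.0.113.10 7547 tcp ALLOW
2000-01-01T10:00:05 192.168.1.1 203.0.113.11 7547 tcp ALLOW
2000-01-01T10:00:06 192.168.1.1 203.0.113.12 7547 tcp DROP
2000-01-01T10:00:07 192.168.1.3 203.0.113.10 7547 tcp ALLOW
2000-01-01T10:00:08 192.168.1.1 203.0.113.10 443 tcp ALLOW
truncated line
"""

def is_local(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a bad address
    return any(addr in net for net in LOCAL_NETS)

def analyze(log_text):
    exposed = set()             # local devices that accepted outside traffic on the port
    targets = defaultdict(set)  # local device -> outside hosts it tried on the port
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue            # skip malformed lines
        _, src, dst, dport, proto, action = parts
        if proto != "tcp" or dport != str(MGMT_PORT):
            continue
        try:
            src_local, dst_local = is_local(src), is_local(dst)
        except ValueError:
            continue
        if not src_local and dst_local and action == "ALLOW":
            exposed.add(dst)    # port reachable from outside: patch or filter it
        elif src_local and not dst_local:
            targets[src].add(dst)  # blocked attempts count too
    scanners = {h: len(t) for h, t in targets.items() if len(t) >= SCAN_THRESHOLD}
    return {"exposed": sorted(exposed), "scanners": scanners}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```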
"If even a fraction of these vulnerable devices were compromised, they would add considerable power to an existing botnet," said Flashpoint security researchers in a blog post.
The cybersecurity researchers are completely right that adding even a part of these routers to the overall collection could boost the attacking power of this botnet considerably. To prevent this from happening, Deutsche Telekom has already pushed a software update to patch the vulnerability in its routers. It has also mentioned that close to five percent of its 20 million customers suffered outages as a result of the attack.
In an official statement, the company has apologized for the inconvenience and stated,
"There is no error pattern: some customers are experiencing temporary problems or very marked fluctuations in quality, but there are also customers for whom the service is not working at all. Based on the error pattern, we cannot exclude the possibility that the routers have been targeted by external parties with the result that they can no longer register on the network.
"Currently, a software update is provided to all affected customers to fix the router problem. The software rollout already started and we can see the success of this measure."
But since the hackers are continually working to upgrade their code and develop new and stronger strains of the Mirai botnet, we'll have to wait and see whether they exploit some other vulnerability in some other smart home device, or whether the devices gained in the weekend attack will be used to launch a distributed denial-of-service attack that knocks down a website yet again.