IoT Malware advances

A new strain (as long as December 2016 can be called new) has been spotted on GitHub that combines both a standard telnet scanner and also MIRAI. It has been uploaded here: https://github.com/geo93033/u. In the header(s) you can find some credentials: Xmpp: [email protected] Twitter: @P2PBOTNET Instragram: @Rebirth.c Skype: b1narythag0d and Skype: …

Next level: updating devices with malware-infected firmware?

A new article that appeared on motherboard.vice.com (Hacker Claims To Push Malicious Firmware Update to 3.2 Million Home Routers) talks about a new type of attack: devices that are being abused via their update mechanism to host a malware-infected (let’s call it malware for now) firmware.

Impossible? Not really. Of course, some of the problems that might appear are: How do you pair the device with the « right » firmware? How do you rebuild the malware-infected firmware?

But the most important question: doesn’t the device (or the manufacturer) use a rather strong security mechanism to certify that the firmware is indeed legit? If it does, maybe it’s time to update it. If not… well, trouble ahead!

Anyway, it’s not really a case of « trash the device », rather a case of painful (and costly) ways to identify and disinfect it.

But… does this look like the dawn of ransomware-vulnerable-devices? Yes, sure it does. Just wait for it… or better not, and be prepared.

Google Search Suggestions: Mirai

Google Search suggestions show an increased interest and, maybe, demand in Mirai – the piece of software used to create botnets capable of [very large] DDoS attacks. Brace yourself for new strains and attacks.

Mirai Suggestions

P.S. The part with « mirai botnet tutorial » is kind of funny. Kind of.

Simple Serial Monitor Script for Raspberry PI

Since we started prototyping with our ESP8266EX modules, we found that the simplest way to control/debug is using a Raspberry PI (IO Voltage compatible with ESP8266EX). Since the module outputs serial data (via ESP_DBG statement), you can monitor it using a simple python script (that logs the data too) #!/usr/bin/python2.7 …

Debugging ESP8266EX

One way of debugging what’s running on the ESP is using the UART console. But there is a trick – it might be locked at 74880 baudrate.

There’s a quick fix. Modify the user_main.c and add:

#include "driver/uart_register.h"

at the top of the file.

Also, in the entry function (user_init), change

void user_init(void){
os_printf("SDK version:%d.%d.%d\n", SDK_VERSION_MAJOR, SDK_VERSION_MINOR, SDK_VERSION_REVISION);

with:

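void user_init(void){
// uart_div_modify() takes a clock divider, not a baud rate: UART_CLK_FREQ / baud
uart_div_modify(0, UART_CLK_FREQ / 115200);
// pulse the FIFO reset bits to flush the RX and TX FIFOs of UART0
SET_PERI_REG_MASK(UART_CONF0(0), UART_RXFIFO_RST | UART_TXFIFO_RST);
CLEAR_PERI_REG_MASK(UART_CONF0(0), UART_RXFIFO_RST | UART_TXFIFO_RST);
os_printf("set baudrate to 115200\n\r");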

Replace 115200 with the baud rate you want to use, but we suggest using a standard one, like 38400, 57600 or 115200.