IoT Malware advances

A new strain (as long as December 2016 can be called new) has been spotted on GitHub that combines a standard telnet scanner with MIRAI. It has been uploaded here: https://github.com/geo93033/u. In the header(s) you can find some credentials: Xmpp: [email protected] Twitter: @P2PBOTNET Instagram: @Rebirth.c Skype: b1narythag0d and Skype: …

Next level: updating devices with malware-infected firmware?

A new article that appeared on motherboard.vice.com (Hacker Claims To Push Malicious Firmware Update to 3.2 Million Home Routers) talks about a new type of attack: devices that are being abused via their update mechanism to host malware-infected (let’s call it malware for now) firmware.

Impossible? Not really. Of course, some of the problems that might appear are: How do you pair the device with the ”right” firmware? How do you rebuild the malware-infected firmware?

But the most important question: doesn’t the device (or the manufacturer) use a rather strong security mechanism to certify that the firmware is indeed legit? If it does, maybe it’s time to update it. If not… well, trouble ahead!

Anyway, it’s not really a case of ”trash the device”, rather a case of painful (and costly) ways to identify and disinfect it.

But… does this look like the dawn of ransomware-vulnerable-devices? Yes, sure it does. Just wait for it… or better not, and be prepared.

Google Search Suggestions: Mirai

Google Search suggestions show an increased interest in, and maybe demand for, Mirai – the piece of software used to create botnets capable of [very large] DDoS attacks. Brace yourself for new strains and attacks.

Mirai Suggestions

P.S. The part with ”mirai botnet tutorial” is kind of funny. Kind of.

Debugging ESP8266EX

One way of debugging what’s running on the ESP is using the UART console. But there is a catch – it might be locked at a baud rate of 74880.

There’s a quick fix. Modify user_main.c and add:

#include "driver/uart_register.h"

at the top of it.

Also, in the entry function (user_init) change

void user_init(void){
    os_printf("SDK version:%d.%d.%d\n", SDK_VERSION_MAJOR, SDK_VERSION_MINOR, SDK_VERSION_REVISION);

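to:

void user_init(void){
    /* uart_div_modify() takes a clock divisor, not a baud rate;
       UART_CLK_FREQ comes from the SDK headers */
    uart_div_modify(0, UART_CLK_FREQ / 115200);
    /* pulse the reset bits to flush the RX and TX FIFOs */
    SET_PERI_REG_MASK(UART_CONF0(0), UART_RXFIFO_RST | UART_TXFIFO_RST);
    CLEAR_PERI_REG_MASK(UART_CONF0(0), UART_RXFIFO_RST | UART_TXFIFO_RST);
    os_printf("set baudrate to 115200\n\r");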

Replace 115200 with the value you want to use, but we suggest using a standard one, like 38400, 57600 or 115200.
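
The second argument of uart_div_modify() is a clock divisor (UART clock divided by the baud rate), so the rate you actually get is the clock divided by a truncated integer. The host-side helper below is an added example, not code from the original post or the SDK; it computes that divisor, the resulting real baud rate and the deviation. The 80 MHz clock, the 20-bit divisor limit and all example_* names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 80 MHz UART (APB) clock, the value the SDK calls UART_CLK_FREQ. */
#define EXAMPLE_UART_CLK_HZ 80000000u
/* Assumption: the hardware divisor field is 20 bits wide. */
#define EXAMPLE_DIV_MAX 0xFFFFFu

/* Divisor to pass to uart_div_modify(); 0 means the rate cannot be set. */
uint32_t example_uart_divisor(uint32_t baud)
{
    if (baud == 0 || baud > EXAMPLE_UART_CLK_HZ)
        return 0;
    uint32_t div = EXAMPLE_UART_CLK_HZ / baud;   /* truncating division */
    return (div > EXAMPLE_DIV_MAX) ? 0 : div;
}

/* Baud rate the UART really produces with the truncated divisor. */
uint32_t example_actual_baud(uint32_t baud)
{
    uint32_t div = example_uart_divisor(baud);
    return div ? EXAMPLE_UART_CLK_HZ / div : 0;
}

/* Deviation from the requested rate in parts per 10,000 (100 = 1%),
   or -1 if the rate cannot be set at all. */
int32_t example_error_pp10k(uint32_t baud)
{
    uint32_t actual = example_actual_baud(baud);
    if (actual == 0)
        return -1;
    int64_t diff = (int64_t)actual - (int64_t)baud;
    if (diff < 0)
        diff = -diff;
    return (int32_t)(diff * 10000 / baud);
}

int main(void)
{
    /* The rates mentioned in the text, plus one that is too slow to fit. */
    const uint32_t rates[] = { 38400, 57600, 74880, 115200, 50 };
    for (size_t i = 0; i < sizeof rates / sizeof rates[0]; i++)
        printf("%6u baud -> divisor %7u, actual %6u, error %d/10000\n",
               (unsigned)rates[i], (unsigned)example_uart_divisor(rates[i]),
               (unsigned)example_actual_baud(rates[i]),
               (int)example_error_pp10k(rates[i]));
    return 0;
}
```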