A new malware called BrickerBot is currently attacking numerous Internet of Things (IoT) products, leaving a trail of bricked devices in its wake, but it seems to only be attacking devices with lax security. Identified by a security firm Radware, BrickerBot uses a permanent denial of service type attack, a very simple exploit that gets into devices and completely ruins their internal software, most often rendering them useless. Only devices with extremely poor security or those that have been left on the default password and security settings by their owners seem to be subject to BrickerBot’s attacks at this point.
According to the author of BrickerBot, the malware is actually meant to do good. All of the devices BrickerBot targets have extremely low security for some reason or another, whether it’s the user’s fault or the fault of the company behind the device. By attacking low-security devices that could be easily taken over by any other type of exploit, BrickerBot is removing them from the equation when it comes to attacks meant for more nefarious purposes, such as stealing information from users, taking over home networks, or even putting those devices into a botnet and having them conduct coordinated attacks like the infamous IoT-led attack last year on DNS provider Dyn which saw a good chunk of the Internet in the United States shut down. The technical side of the attacks isn’t entirely hard to understand as BrickerBot uses commonly available commands and system calls that should typically not be available externally to modify system files and brick the devices it attacks.
Even if BrickerBot’s intentions are noble, the concept is not without its issues. Saving low-security devices from possibly being compromised is a good goal, but uncermoniously bricking them with no notification to the user does not do much to educate users on the risks of low IoT security. In fact, it’s not inconceivable for most users to simply assume that their device malfunctioned of its own accord and have it replaced. Exploits like this can be effective at showing the companies making the devices that their weak built-in security is a problem, but the actual use of BrickerBot is hardly legal.
