IoT_Reaper Botnet At 2+ Million Infected Devices

[ARikozuM]

1 minute ago, leadeater said:

Because you need to flush it when you're not at home lol.

Gotta bother the dogs while you're away, you know, to keep them awake. 

[AresKrieger]

24 minutes ago, rockking1379 said:

The only IoT device I have is my ecobee thermostat

Just wait til it gets hacked and turns off the heat in the winter while you're away ?

[ARikozuM]

Just now, AresKrieger said:

Just wait til it gets hacked and turns off the heat in the winter while you're away ?

My winters are now 100+ Fahrenheit... 

 

People are already wearing thin coats...

[Ginger_]

4 hours ago, LukaH said:

hide yo fridges, hide yo microwaves,.....

OP needs to select this as beat answer

 

@Lurick

[ARikozuM]

17 minutes ago, Ginger137 said:

OP needs to select this as beat answer

 

@Lurick

This is Tech News so there is no best answer except "F#ck EA". 

[flibberdipper]

I have the solution! /s

 

[Ryujin2003]

16 hours ago, Lurick said:

So far various device types from routers, to NAS boxes, to linux machines and temperature sensors have been seen as being infected.

Um I think your lying to us. Only Windows is vulnerable. Linux is supposed to be superior like Mac.. /s

 

Seriously though, not sure why consumers but this garbage. No one really seems to care about security... It's always in the back burner.

[Guest]

1 minute ago, Ryujin2003 said:

Um I think your lying to us. Only Windows is vulnerable. Linus is supposed to be superior like Mac.. /s

 

Seriously though, not sure why consumers but this garbage. No one really seems to care about security... It's always in the back burner.

Some random class in some random grade...

Some teacher: "Alright students, remember sharing is caring. That's it for today."

Ten years later...

That teachers student: "Oh, I can use this smart device and control it from my phone, awesome!"

Some random LTT forum member: "Hey man, that thing has terrible security and hackers could easily get into it and infect the rest of your stuff."

That teachers student: "It just controls my house appliances, so what if someone else can see it, I have nothing to hide mister you know everything."

Some random LTT forum member: "*Sighs* Whatever, I tried."

[Cookybiscuit]

Still not as many infections as the Windows 10 botnet.

[DroidIt!]

Here it is directly from the source https://research.checkpoint.com/new-iot-botnet-storm-coming/ There is also  a full listing of affected devices at that link. But it appears only devices running on the Lua programming language are targeted. So no Pc's, smartphones, etc. Lua code is run in a register-based VM like dalvic for Android. Lua is basically a very light programming language which makes it ideal for IoT devices. I'd suggest even if your device isn't listed, might still not be a bad idea to figure out what programming language is used on your gadgets.

[jagdtigger]

7 hours ago, Coaxialgamer said:

These IoT devices really should require first time password setup . Default settings on these devices is turning out to be way too much of an issue.

Even if the gadget forces the user to change the password in most cases the user will use the worst password possible (1234. abcd, etc). Not to mention that when the manufacturer makes the program for these security isnt their priority(probably its at the bottom of the list). Make it as cheap as possible, thats their motto...

[leadeater]

7 hours ago, tmcclelland455 said:

I have the solution! /s

Need to be far more obscure.

 

[KuJoe]

I like the idea of making devices that anybody can use, but this is getting ridiculous. They really should have a test administered by ISPs before letting people connect anything to the internet. Devices should require some form of username/password configuration out of the box before it can be used and UPnP should be disabled by default on all routers to prevent these devices from being publicly accessible.

[Lurick]

10 hours ago, leadeater said:

Because you need to flush it when you're not at home lol.

Gotta spook anyone who might be rummaging through your bathrooms  

[leadeater]

1 hour ago, KuJoe said:

UPnP should be disabled by default on all routers to prevent these devices from being publicly accessible.

Maybe make it so UPnP only works with certified devices, a bit like signed drivers in modern Windows.

[KuJoe]

5 minutes ago, leadeater said:

Maybe make it so UPnP only works with certified devices, a bit like signed drivers in modern Windows.

As somebody who likes to go the "build you own" route, I don't like this idea.

[leadeater]

1 hour ago, KuJoe said:

As somebody who likes to go the "build you own" route, I don't like this idea.

Well you could also have the "I know what I'm doing option disable certified device enforcement" option.

 

Edit:

Not that I even use UPnP though so what do I care 

[Lurick]

Just now, leadeater said:

Well you could also have the "I know what I'm doing option disable certified device enforcement" option.

And the common potato would check that once they found out it would "Make their PC faster" or whatever garbage came up to trick people into disabling it  

 

People are stupid, we need to eliminate people, it's the only way!

[KuJoe]

Just now, leadeater said:

Well you could also have the "I know what I'm doing option disable certified device enforcement" option.

But only in the dev/debug menu so people couldn't just click a button to disable it.

[KuJoe]

1 minute ago, leadeater said:

Not that I even use UPnP though so what do I care 

Have you ever used it? I enabled it one time for my NAS and after using it for 15 minutes I disabled it because it started opening ports I didn't need and weren't even in the documentation so I wasn't sure what they were used for.

 

My perspective is if you want to poke holes in your network's security, you should have to manually do it.

[Vode]

13 hours ago, ARikozuM said:

Am I the only one here who has placed all my smart locks and devices (TV's, fridge, etc.) onto a closed network with no internet access unless opened by me? Surely, I can't be. 

Same here. Have my NAS on a seperate wired router, which is not on the internet.

[leadeater]

3 minutes ago, KuJoe said:

Have you ever used it? I enabled it one time for my NAS and after using it for 15 minutes I disabled it because it started opening ports I didn't need and weren't even in the documentation so I wasn't sure what they were used for.

 

My perspective is if you want to poke holes in your network's security, you should have to manually do it.

Well considering I haven't used an ISP modem since dialup no . I've always half bridged/bridged to a proper firewall since adsl onward because consumer routers/firewalls are just bleh feature wise.

 

I setup an ERLite-3 at a friends place where my offsite server is and that has UPnP support... but disabled.

[flibberdipper]

5 hours ago, leadeater said:

Need to be far more obscure.

 

ooohhhhh, good idea.

[Okjoek]

IoT is a scam. 

[vanished]

15 hours ago, AresKrieger said:

Just wait til it gets hacked and turns off the heat in the winter while you're away ?

You mean like this?

https://hothardware.com/news/nest-thermostats-knocked-offline-during-dead-of-winter-due-to-software-bug