Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Question about IoT and a media streamer in light of the recent DDoS attacks


  • Please log in to reply
16 replies to this topic

#1 HairyApricot

HairyApricot

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 22 October 2016 - 11:45 AM

So like many of you, I am cautious about whether any devices are at risk, or whether they actually constitute as IoT. The only one that comes to mind is a Linn music player that my uncle has. It can stream music from either your PC, if the software is installed, or a phone, tablet etc. Thing is, its connected by Ethernet into the router, and to my knowledge can only be accessed inside the local network. After looking through his manual, I cannot find anything about default passwords or such. So is this device safe or not? Thanks :)



BC AdBot (Login to Remove)

 


#2 Viper_Security

Viper_Security

  • Members
  • 821 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:10:12 AM

Posted 22 October 2016 - 01:48 PM

Some do not need a password because if you are on windows it uses your network credentials which is why you can only see/share with certain devices that have media sharing/streaming enabled. eg if you have an xbox 360 or an xbox one then on windows 7+ you can send media to it with your computer by right clicking your media and hitting ("Play To" in windows 7) Cast to device. any device in your private network should be fine unless the company that supports/makes the devices had gotten attacked (and for major companies, especially ones that use DLNA, will take much longer to access), and with the recent DDOS attacks, that is just script kiddies trying to "prove a point" or someone pissed them off.  so you shouldn't worry about that unless you specifically had "upset" someone that has the knowledge to ddos, which almost anyone can do now. doesn't take much.

 

 

In other words, you should be just fine.


Edited by Viper_Security, 22 October 2016 - 01:50 PM.

    IT Auditor & Security Professional

hQBT2G3.png


#3 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 23 October 2016 - 01:55 PM

Cheers. Just not even sure whether this thing can make requests outside the network or not.



#4 Viper_Security

Viper_Security

  • Members
  • 821 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:10:12 AM

Posted 23 October 2016 - 02:47 PM

Most dlna products (like roku) are programmed to not even think about that as a possibility.


    IT Auditor & Security Professional

hQBT2G3.png


#5 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:01:12 PM

Posted 27 October 2016 - 09:58 PM

I cannot disagree with the above post more strongly. The recent DDOS attacks were not performed by "script kiddies". The attack was the result of 100,000 IOT devices that were hacked with the the Mirai exploit using the devices default username and password. Everyone is at risk if you do not change your devices default password when you set them up. You don't have to "upset" anyone to be affected. The search engine Shodan will detect these devices automatically. If your devices are vulnerable and available to the Internet its not IF they will be hacked it's When.

Edited by Sneakycyber, 27 October 2016 - 10:00 PM.

Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#6 Viper_Security

Viper_Security

  • Members
  • 821 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:10:12 AM

Posted 27 October 2016 - 10:34 PM

Lmfao, Comment Deleted.


Edited by Viper_Security, 27 October 2016 - 10:38 PM.

    IT Auditor & Security Professional

hQBT2G3.png


#7 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,920 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:03:12 AM

Posted 27 October 2016 - 10:47 PM

 

If your devices are vulnerable and available to the Internet its not IF they will be hacked it's When.

+1

 

 

Reportedly, the attack code has built-in scanners that look for vulnerable smart devices in homes and enroll them into a network of Botnet, that hackers and cyber criminals can then use in a DDoS attack to temporarily shut down any website.

Source Code for IoT botnet responsible for World's largest DDoS Attack released Online

 

 

NOT changing the default user name and password on any device including routers is just plain dangerous


Edited by NickAu, 27 October 2016 - 11:03 PM.
fix link

Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


#8 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 28 October 2016 - 06:04 AM

I cannot disagree with the above post more strongly. The recent DDOS attacks were not performed by "script kiddies". The attack was the result of 100,000 IOT devices that were hacked with the the Mirai exploit using the devices default username and password. Everyone is at risk if you do not change your devices default password when you set them up. You don't have to "upset" anyone to be affected. The search engine Shodan will detect these devices automatically. If your devices are vulnerable and available to the Internet its not IF they will be hacked it's When.

Yeah but the issue is there is no way to change it on this device. There is no password or anything for it.



#9 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:01:12 PM

Posted 28 October 2016 - 06:26 AM

If the device is only streaming over your local network you should be fine. It's mainly device designed to connect to the Internet that are the most vulnerable. As long as you secure your router your network should be safe. You can use http://iotscanner.bullguard.com to check your router.

Edited by Sneakycyber, 28 October 2016 - 06:27 AM.

Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#10 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 28 October 2016 - 07:11 AM

Ah I see. Nah I changed all my routers default settings a long time ago, wouldn't leave that. I just couldn't tell whether this particular device was an issue.



#11 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,920 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:03:12 AM

Posted 01 November 2016 - 04:17 PM

New IoT Botnet Malware Discovered; Infecting More Devices Worldwide
 

 

 

Security researchers at MalwareMustDie have discovered a new malware family designed to turn Linux-based insecure Internet of Things (IoT) devices into a botnet to carry out massive DDoS attacks.
 

Dubbed Linux/IRCTelnet, the nasty malware is written in C++ and, just like Mirai malware, relies on default hard-coded passwords in an effort to infect vulnerable Linux-based IoT devices.

Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


#12 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:01:12 PM

Posted 01 November 2016 - 05:49 PM

@ NickAU,

 

I hadn't seen that article yet, thanks for the heads up!  :thumbup2:


Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#13 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 02 November 2016 - 01:29 PM

So this is targeting the same devices that were exposed in the first attack?



#14 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,920 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:03:12 AM

Posted 03 November 2016 - 04:38 PM

Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country

Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


#15 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 04 November 2016 - 07:22 AM

So I have a question. All these botnets based off the Mirai sourcecode are using the same leaked default credentials. Is there no way to patch these credentials?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users