Worm attacks over unsecured protocols

Philips Elevation Ambilight+hue

Bruce Schneier isn’t the only person worried about this type of attack. I already turned off external access to my Hue lights following the IoT botnet news.

This is exactly the sort of Internet-of-Things attack that has me worried:

“IoT Goes Nuclear: Creating a ZigBee Chain Reaction” by Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten.

Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack.
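The critical-mass condition in the abstract can be explored with a toy proximity model. The following is an added example, not code from the paper or from this post: it assumes devices scattered uniformly in a unit square and a fixed radio range (both assumptions made here), and measures what share of the population is reachable hop by hop from a single device.

```python
import math
import random
from collections import deque

def reach_fraction(points, radio_range, seed=0):
    """Fraction of devices reachable from `seed` via hops of at most radio_range."""
    cell = radio_range
    grid = {}  # spatial hash so only nearby devices are compared
    for i, (x, y) in enumerate(points):
        grid.setdefault((int(x // cell), int(y // cell)), []).append(i)
    seen = {seed}
    queue = deque([seed])
    while queue:
        i = queue.popleft()
        x, y = points[i]
        cx, cy = int(x // cell), int(y // cell)
        for dx in (-1, 0, 1):
            for dy in (-1, 0, 1):
                for j in grid.get((cx + dx, cy + dy), ()):
                    if j not in seen and math.dist(points[i], points[j]) <= radio_range:
                        seen.add(j)
                        queue.append(j)
    return len(seen) / len(points)

def sweep(n_devices, ranges, trials=20, rng_seed=1):
    """Average reach fraction per radio range over constructed random layouts."""
    rng = random.Random(rng_seed)
    results = {}
    for r in ranges:
        total = 0.0
        for _ in range(trials):
            pts = [(rng.random(), rng.random()) for _ in range(n_devices)]
            total += reach_fraction(pts, r)
        results[r] = total / trials
    return results

if __name__ == "__main__":
    # Constructed scenario: 400 devices, increasing radio range (i.e. effective density).
    for r, frac in sweep(400, [0.03, 0.05, 0.07, 0.09, 0.12]).items():
        mean_neighbours = 400 * math.pi * r * r
        print(f"range={r:.2f} mean_neighbours={mean_neighbours:5.1f} reached={frac:.2f}")
```

Below the threshold the reachable set stays a small cluster around the first device; above it, nearly the whole population is connected, which is the density condition the abstract describes.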

The worm of things

I remember ages ago my manager at the time, Miles, talking about a scenario where someone turning on a phone on a flight from another country kick-starts a virus/worm in another country. This was around the time of the Nimda worm, which was one of the prolific viruses/worms to date.

Nimda is a computer worm, also a file infector. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red. Nimda utilized several types of propagation technique and this caused it to become the Internet’s most widespread virus/worm within 22 minutes.

What is worrying is the number of devices in the Internet of Things which could be passengers or infected.

 Over millennia we humans evolved a powerful and personal instinct — trust — that helps to protect us as we make our way through life. It is a vital tool for survival in the physical world and weaves the fabric of our society. When we are in a relationship based on trust we are less vulnerable, which in turn allows us to collaborate and to be creative. Trust is also context specific — you trust your mechanic to fix your car, but probably not to manage your bank account. This is the principle of “need to know”: in each context only information that is needed for that context is available, and nothing more.

Windows WMF Metafile Vulnerability fix from reverse engineer

Well, this is a good way to start 2006, Microsoft. A very serious exploit was found in Windows during the last week, and this time it's a 0day exploit, which means there's no patch available from Microsoft yet. Actually, Microsoft are advising people to unregister the shimgvw.dll, which is not a fix in anyone's wildest imagination.

But luckily some reverse engineer called Ilfak Guilfanov has reverse engineered the shimgvw.dll and written a patch which runs on all 32/64bit Windows (aka no 95, 98 or ME support). From what I've read, it sounds like the patch is pretty safe (Ilfak has actually open sourced the code, I believe), so I would recommend you download this patch till Microsoft sort out an official patch. And honestly, do it now, as there are tons of worms written for this exploit and they're coming from many different directions: IM, email, browser, etc. Oh, by the way, there's a checker too.

Pass this information to as many people as you can…
