Devices security: Infected by  IoT-Malware “Silex”

Smart Blog

Devices security: Infected by IoT-Malware “Silex”

An article released by ZDNet describes the outbreak of a IoT-malware “Silex”, which targets Internet of Things devices – the attacks may increase during the coming weeks.

Silex was spotted on June 25th by Larry Cashdollar, a researcher at Akamai. He noticed that it’s attacks had already wiped the firmware of more than 2,000 devices in the first few hours after it was discovered.

Silex is targeting pretty much any Unix-like operating system with default login credentials. Doesn’t matter if it’s an ARM-based DVR or an x64 bit system running Redhat Enterprise, if your login is root:password it could wreck your system,

wrote Cashdollar in one of a series of tweets.

Larry W Cashdollar:  IoT-Malware Silex
Due to Cashdollar, Silex trashes the devices storage and then discards the firewall rules as well as the network configuration. Then the device stops working completely. Without destroying the hardware, Silex is able to wipe out firmware and so stop the devices from functioning. Manual recovery is possible by reinstalling the firmware – but that can be a complicated task. The IoT-Malware “Silex” was reportedly developed by European hacker who is only 14 years old. The hacker calls himself “Light Leafon”. NewSky Security researcher Ankit Anubhav made contact with Light Leafon to find out details about the hackers motive. Anhubhav stated that Leafon started the malware project as a joke, but it has now turned into a full-time project for him. He has plans to make it even more destructive by giving it the ability to log into devices via SSH. The IoT-Malware “Silex” is currently only equipped with Telnet hijacking capability. This shows once again, that IoT devices can be very vulnerable when users do not take good care of security.

Author: Tim Cole
Image Credit: NewSky Security

Leave a Reply

Your email address will not be published. Required fields are marked *