BrickerBot creator Janit0r ‘retires’ after bricking over 10 million IoT devices

BrickerBot creator Janit0r has retired

Alleged Brickerbot creator Janit0R stands down from hectic career of compromising IoT devices. 

Janit0r, the alleged creator of BrickerBot, a piece of malware designed to damage insecure IoT devices so severely that they become redundant, has apparently retired, but not before claiming to have ‘bricked’ over 10 million IoT devices in his recent career.

The resignation letter came in the form of an email to computer help site, Bleeping Computer. Earlier in the year, the person behind the ‘Janit0r’ nickname, a self-professed ‘grey hat’ hacker, claimed that they invented the malware strain to brick IoT devices as a sort of ‘internet chemotherapy’, which could be used to damage vulnerable devices before they got infected with the Mirai malware.

Read more: BrickerBot ‘creator’ claims two million IoT devices have been destroyed

A brief history of Brickerbot

The Brickerbot malware was first detected in April this year. It works by searching the internet for vulnerable IoT devices, and then using exploit code to breach the equipment and rewrite the device’s flash storage with alternative data. This leaves many devices having to be reinstalled or even replaced altogether as the malware can even rewrite the firmware on the device.

Its author has claimed in several emails to have been behind many attacks and outages across the world, including ones against US and Indian internet service providers. However, the supposed perpetrator sent an email to Bleeping Computer announcing his sudden retirement.

They claim to be ‘retiring’ because although the project had been a technical success, they were worried that it was also having a “deleterious effect on the public’s perception of the overall IoT threat”.

“Researchers keep issuing high-profile warnings about genuinely dangerous new botnets, and a few weeks or even days later, they are all but gone. Sooner or later, people are going to start questioning the credibility of the research and the seriousness of the situation,” Janit0r wrote, pointing to the cases of the Persirai, Hajime and Reaper botnets.

Read more: European Parliament pushes on IoT device security and interoperability

Progress  made, but not enough

Janit0r added that while there had been some progress over the past year, with proposals for new security standards,  people, organizations and governments were still not doing enough or moving quickly enough. “We’re running out of time,” they added.

“Because of this, I’ve decided to make a public appeal regarding the severity of the situation. Taking credit for all the carnage of the past year has serious downsides for me and my mission… However I also recognize that if I keep doing what I’m doing, then people of influence may simply perceive the IoT security disaster as less urgent, when in reality they should consider it an emergency requiring immediate action,” they stated.

Operators of IoT DDoS botnets were taking precautions against BrickerBot, and this made Janit0r’s work even more challenging, they said, and they are wary of legal repercussions.

 

“There’s also only so long that I can keep doing something like this before the government types are able to correlate my likely network routes (I have already been active for far too long to remain safe),” Janit0r wrote.

“For a while now my worst-case scenario hasn’t been going to jail, but simply vanishing in the middle of the night as soon as some unpleasant government figures out who I am.”

Read more: Reaper IoT botnet proves less virulent than expected

Severe disruption ahead

As well as advising users to take sanctions against vendors that do not deliver security updates efficiently, the BrickerBot author suggested that ISPs use tools like Shodan to audit their networks and isolate ports and services that don’t need to be online. The internet, they warned, “is only one or two serious IoT exploits away from being severely disrupted”.

Ian Hughes, IoT analyst at IT advisory firm 451 Research, acknowledged that IoT security is a significant concern, but warned that companies are mainly paying attention to security holes when a public release of information forces the issue.

“A more credible approach is offering a bounty or proper reporting scheme to have problems raised and acted upon. The IT industry is full of examples of problems found and ignored, or attempted to be hidden, until they are made public, and IoT continues that unfortunate tradition,” he said.

Read more: Andromeda IoT botnet dismantled by international cyber taskforce

 

The post BrickerBot creator Janit0r ‘retires’ after bricking over 10 million IoT devices appeared first on Internet of Business.

Internet of Business

Ericsson forecasts 20 billion connected IoT devices by 2023

Ericsson forecasts 20 billion connected IoT devices by 2023

Ericsson forecasts 20 billion connected IoT devices by 2023

The latest edition of the Ericsson Mobility Report suggests that the number of connected IoT devices should increase at a CAGR of 19 percent up to 2023. More than 20 massive IoT cellular networks have been commercially deployed across several regions.

20 billion connected IoT devices by 2023

By 2023, over 30 billion connected devices1 are forecast, of which around 20 billion will be related to the IoT. Connected IoT devices include connected cars, machines, meters, sensors, point-of-sale terminals, consumer electronics2 and wearables. Between 2017 and 2023, connected IoT devices are expected to increase at a CAGR of 19 percent, driven by new use cases and affordability.

Short-range and wide-area segments

In the figure below, IoT is divided into short-range and wide-area segments. The short-range segment largely consists of devices connected by unlicensed radio technologies, with a typical range of up to 100 meters, such as Wi-Fi, Bluetooth and Zigbee. This category also includes devices connected over fixed-line local area networks and powerline technologies.

Ericsson Mobility Report chart: connected devices 2015-2023

The wide-area segment consists of devices using cellular connections, as well as unlicensed low-power technologies, such as Sigfox and LoRa.

1.8 billion IoT devices with cellular connections by 2023

At the end of 2017, there will be around 0.5 billion IoT devices with cellular connections. This number is projected to reach 1.8 billion in 2023, or around 75 percent of the wide-area category.

Presently, the dominant technology in the wide-area segment is GSM/GPRS. However, by 2023, IoT cellular connectivity will mainly be provided by LTE and 5G. The majority of these connections will be over LTE networks, while 5G technology will continue to support an increase in IoT applications, especially those requiring critical communications. 5G will also provide mechanisms for rapid and cost-effective introduction and provisioning of new IoT services.

Based on technologies like Cat-M1 and NB-IoT3, a growing number of cellular IoT networks are being deployed, with more than 20 networks now commercially launched across several regions.4

1 In our forecast, a connected device is a physical object that has a processor, enabling communication over a network interface
Note: Traditional landline phones are included for legacy reasons
2 Including: Smart TVs, digital media boxes, Blu-Ray players, gaming consoles, audio/video (AV) receivers, etc.
3 Cat-M1 supports a wide range of IoT applications, including content-rich ones, and NB-IoT is streamlined for ultra-low throughput applications. Both of these technologies are deployed on LTE networks
4 GSA (October 2017)

The post Ericsson forecasts 20 billion connected IoT devices by 2023 appeared first on IoT Business News.

IoT Business News

The installed base of wireless IoT devices in agriculture reached 17.0 million in 2016

The installed base of wireless IoT devices in agriculture reached 17.0 million in 2016

The installed base of wireless IoT devices in agriculture reached 17.0 million in 2016

According to a new research report from the M2M/IoT analyst firm Berg Insight, the installed base of wireless IoT devices in agricultural production worldwide reached 17.0 million connections in 2016.

The number of wireless connections is forecasted to grow at compound annual growth rate of 10.0 percent to reach 27.4 million in 2021.

There is a broad range of wireless technologies used in agricultural production with different characteristics and use cases. 802.15.4-based standards comprise the most employed wireless technology due to its wide adoption in dairy cow monitoring applications. The main application areas for cellular communication are machine telematics and remote monitoring via in-field sensor systems. Cellular connections amounted to 0.8 million at the end of 2016 and is expected to grow at a CAGR of 30.2 percent to reach 3.1 million in 2021. LPWA technologies are expected to achieve the highest growth rate and realise a significant market position in the remote monitoring and control segment.

Berg Insight’s outlook for the agricultural technology market is positive as agricultural production remains greatly underpenetrated by wireless IoT solutions. Manufacturers of farm and dairy equipment have traditionally chosen to partner with smaller and specialised players but increasingly focus on developing proprietary technologies. In the crop production sector, a group of companies have emerged as leaders on the market for precision agriculture solutions. Major providers include Deere & Company, Trimble, Topcon Positioning Systems and Raven Industries. Other significant vendors include AGCO, Ag Leader Technology, DICKEY-john and Hexagon. In the milk production sector, the world’s largest dairy equipment vendor DeLaval offers its in-house developed activity monitoring system along with its milking and dairy farming infrastructure solutions. Important providers of sensor systems for dairy cow monitoring furthermore include Netherlands-based Nedap and The Allflex Group subsidiary SCR which both sell their systems to a number of leading dairy equipment manufacturers and genetics companies.

Fredrik Stålbrand, IoT Analyst, Berg Insight, said:
chart: installed base of active wireless devices in agricultural production (World 2016-2021)

“Leading providers are now investing in technical platforms capable of supporting integration with third-party hardware and software solutions as agricultural equipment are becoming parts of broader systems.”

The increasingly complex technological environment that farmers operate in also demands dealers to offer a greater extent of services to integrate and support the range of technologies that are utilised in advanced production systems. “As interoperability between systems remains as a challenge, the need for services and technical support from local dealers is likely to increase with continued adoption of precision farming solutions, in-field sensor systems and animal monitoring technologies”, concluded Mr. Stålbrand.

The post The installed base of wireless IoT devices in agriculture reached 17.0 million in 2016 appeared first on IoT Business News.

IoT Business News

BlueBorne put billions of IoT devices at risk – including Echo and Google Home

A serious vulnerability affecting billions of IoT devices also put Amazon Echo and Google Home users at risk.

The vulnerability, known as BlueBorne, was discovered by IoT security company Armis and found to put more than five billion devices at risk of attack. Researchers have now confirmed the attack surface included as many as 20 million Amazon Echo and Google Home devices.

If compromised by BlueBorne, the device can be used to establish a ‘man-in-the-middle’ attack to gain access to critical data, personal information, web traffic, and network availability.

As the name suggests, BlueBorne is an airborne vulnerability over Bluetooth. A hacker does not have to be in the vicinity of the vulnerable device and can launch a remote attack from a compromised device with Bluetooth capabilities.

With many computers and smartphones featuring Bluetooth, the initial device could become infected through clicking on malicious links or downloading files. Once compromised, it can then use the BlueBorne vulnerability to infect other Bluetooth-enabled devices — such as the Amazon Echo and Google Home.

"Burgeoning demand for digital personal assistants is expanding the avenues by which attackers can infiltrate consumers' lives to steal personal information and commit fraud," said Yevgeny Dibrov, CEO of Armis. "Consumers and businesses need to be aware how their devices are connecting via Bluetooth, and the networks they may be accessing, in order to take security precautions to protect their information."

Business threat

Although thought of as consumer products, these devices are making their way into business environments for their digital assistant capabilities. This will raise concerns about IoT devices being used for espionage and/or blackmail.

“Rising airborne threats such as BlueBorne and KRACK are a wakeup call to the enterprise that traditional security simply cannot defend against new attack vectors that are targeting IoT and connected devices in the corporate environment,” added Dibrov.

“Every organisation must gain visibility over sanctioned and unsanctioned IoT devices in their environments. If they don’t, they’ll be victimised by a breach that can lead to stolen identities for customers and employees, impact their bottom lines, and even cost top executives their jobs.”

It is estimated there are 15 million Amazon Echos and 5 million Google Home devices sold, according to a report in September by Consumer Intelligence Research Partners. Additional estimates indicate that more than 128 million Echos will be installed by 2020 and drive more than $ 10 billion in revenue for the company.

Google Home and Amazon Echo have since been patched to address the BlueBorne vulnerability, but many others remain vulnerable. Armis has released an app on the Play Store which can be downloaded here and used to identify impacted devices.

Are you concerned about IoT device vulnerabilities such as BlueBorne? Let us know in the comments.

iottechnews.com: Latest from the homepage

Avira launches Safethings to guard smart home devices

Avira launches Safethings to guard smart home devices

IT security company Avira has unveiled its Safethings product, designed to protect smart homes and their IoT devices.

The application is installed in routers to secure devices in the home and uses machine learning and artificial intelligence to detect issues.

Executives from Avira say that the application can be delivered either via the router or by an internet service provider, so that customers don’t need to “act as the information security officers for their home.”

Connected devices are protected against hijacking, ransomware, misuse and intrusion, while owners can see and control how their connected devices handle data.

Read more: Bullguard CEO: “A safer smart home shouldn’t be complicated.”

Guarding connected devices

Safethings works by carrying out four actions. First, a software agent tags each device in the smart home and collects basic information about messages going in and out through the gateway.

Second, machine learning classifies each device, determines normal behaviour, and develops the logic needed to set the rules. It automatically and autonomously learns and adapts to develop more accurate detection methods.

Third, the AI detects unusual device activity and then shuts down the suspect activity without disturbing the device’s usual functions.

Finally, the user interface shows users what is occurring on the network, helping them to know more about the data that smart devices are collecting and broadcasting.

Read more: Honeywell launches Smart Home Security System

Smart home headaches

“We know that people don’t want to buy yet another device and they certainly don’t want the headache that comes with installation,” said Travis Witteveen, CEO of Avira.

“We know that users just want to enjoy the experience of the smart appliances, without leaving the couch, and while being safe. They expect security and privacy protection to just work. Together with our partners, the internet service providers and router manufacturers, we work to deliver IoT security and privacy to consumers, via their routers, in a highly effective and friendly way.”

In other words, to reap the benefits of Safethings, consumers will need to pick from Avira’s list of approved routers or internet service providers.

Read more: Smart home security could be targeted by hackers

The post Avira launches Safethings to guard smart home devices appeared first on Internet of Business.

Internet of Business