What if a Google Home you are using suddenly starts playing a song on a full volume without your command? You may switch it off assuming it was just a hardware failure.
But considering the news which says that a new malware pops out and bricks 1000s of IoT gadgets, it may be a warning that your Google Home has been hacked by a hacker and now, your Google Home only follows his command!
IoT devices are the major parts of our life. From activity trackers to home security cameras these feature-packed pieces of technology are changing the way we are living our life. But IoT devices are connected to the internet and anything which is connected to the internet is hackable.
Recently, a 14-year-old hacker created a new strain of malware and named it Silex malware. This Silex malware bricks IoT devices. It has bricked over 4000 IoT devices in just a few hours.
Though another malware named Bricker Bot already destroyed millions of IoT devices in 2017, with the advent of a yet another Silex malware, the world is shocked.
Compared to other hackable things, IoT devices have very frail security boundaries. They are protected with only a password which is often left at the default setting.
Hackers can easily overcome it by performing a brute force attack. The reasons why IoT devices are lacking security are less aware of risks and lazy manufacturers.
So, sensing the urgency, we will study about Silex malware and how one can avoid IoT device hacking. We will also discuss one industry which will suffer most from this kind of malware.
What is Silex malware?
According to ZDNet, the Silex malware was created by a 14-year-old hacker called Light Leafon. As soon as he released the malware, it has affected thousands of IoT devices and no one could spot it expect Larry Cashdollar who is a security exploit researcher.
According to Cashdollar, Silex malware uses default credentials of IoT devices to log in and destroy the system. He added that Silex initially affected 350 devices and then it spread to thousands of devices.
How does Silex Malware work?
Time-travelling to the last paragraph, Cashdollar said that malware uses default credentials to log in the IoT devices. But to retrieve the credentials, the malware first trashes IoT device’s storage then drops the firewall rules and lastly removes the network configuration.
Silex malware is so intense that once an IoT device gets affected with it, it is impossible to recover it. However, by manually reinstalling firmware of the device, one can recover an infected IoT device.
Silex Malware like other malware
Between April and December 2017, a malware named Bricker Bot destroyed over 10 million IoT devices and that same malware inspired Silex malware to pop out in 2019.
The creator of the Bricker Bot malware is known under the pseudonym of the Janitor. He created Bricker Bot and deployed it to protest against owners of smart devices. However, like Janitor, Light Leafon hasn’t declared his motive behind Silex malware.
How to keep your IoT devices away from Silex like malware?
The Silex malware makes your IoT devices infected by guessing your device’s user name and password and because Silex malware is pretty new, it takes some time to get a fix update on your smart device from the company. So, what you can do as of now?
According to Jesse Irwin, a former employee of password management app 1Password, as soon as you buy a device which comes with the hard-coded credentials, change the default password and user name as quickly as possible.
By doing so, you make it hard for Silex malware to know the credentials of your smart devices.
Here it is worth to mention that manufacturers are more responsible to stop such devastating cyber-attacks than users.
In 2018, the government of California banned manufactures manufacturing hardware with guessable login credentials like “password” and “12345”.
The government also imposed the rule, saying manufacturers of IoT devices should encourage users to change the built-in passwords.
Majority of the manufacturers use the Linux operating system to run the devices. But when it comes to the Linux operating system, it doesn’t offer a secure environment like a custom-built operating system.
Just because it is less expensive and manufacturers don’t require to develop a custom operating system, they simply don’t motivate themselves to even think about a custom-built operating system.
On top of this, they never release an update for the IoT devices, leaving IoT devices in a most favourable playground of hackers.
That one industry which will suffer most from this kind of malware
Though Silex malware targets so not costly IoT devices like webcam and routers, there is one industry which needs to start figuring out possible ways to decode such threads, looking at the costly hardware they are using. Yes, you guessed it right. We are talking about e-scooter rental companies.
E-scooter rental companies own thousands of e-scooters and earn really well from it. But there are two major limitations of e-scooters which may cause e-scooter rental companies to lose millions of dollars. First is, e-scooters are connected to the internet and second is, buying an e-scooter is a costly choice.
So, if a hacker hacks the fleet of e-scooters and e-scooter rental company isn’t armed with technology to recover it, its business gets affected to a large extent. However, any case of e-scooter hacking has not been reported yet.
In the nutshell
Hackers are everywhere and devices with less security are their soft targets. So, it is advisable for both users and manufacturers to walk parallel with each other in order to create a safer online environment. Here, the role of government is also significant.
With a few rules, they can force manufacturers to develop secured IoT devices and spread awareness related to hacking among users. But what about an e-scooter renal business owner?
Well, they should start consulting cybersecurity experts, otherwise, a 14-year-old boy can be the reason behind their financial instability.