Sign in / up

back to article Huge DDoS attacks are about to get bigger: Mirai bots infect Sierra Wireless gateways

Sierra Wireless cellular modems are being infected by the Mirai botnet malware used to smash systems offline. Mirai commandeers web-connected cameras, sensors and other Internet of Things (IoT) devices using the default factory-set login passwords in their firmware. It has been fingered for unleashing the largest DDoS attack …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Brian Miller

    Shocked!

    Shocked that default passwords are being left in place on supposedly tightly-controlled hardware! And there's gambling in Rick's!

    4 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Shocked!

      Russian gambling.

      0 0 Reply
  2. Roland6 Silver badge

    What's worrying about this is that the malware writers are now targeting gateways, and apparently having some success.

    This vulnerability or feature of gateways and other systems in the "dark web" has been known for some years now - remember the Carna botnet/Internet Census 2012? because it is widely known that practically the only systems on the Internet running AV software are (Windows) PC's. Plus another nice thing about gateways is that they tend to be left running 24x7.

    I suspect that Mirai is getting publicity because it is the first true piece of malware to be detected that exploits the vulnerability of these appliances.

    4 0 Reply
    1. phuzz Silver badge
      Reply Icon

      All the AV software in the world isn't going to save you from having a default/easily guessable password.

      Also, if you're leaving your Windows PCs accessible to the internet, without a firewall, you're braver than me.

      0 0 Reply
  3. Matt Bryant Silver badge
    WTF?

    WTF?

    It's not exactly new that network devices in the commercial arena have been targeted for years, so why are the manufacturers of consumer kit not putting a simple bit of code into the installation startup that forces the user to create a good password? It's bad enough they have a set administrator account, but a hard-coded password as well?

    1 0 Reply
    1. P. Lee
      Reply Icon

      Re: WTF?

      >why are the manufacturers of consumer kit not putting a simple bit of code

      Because IT security isn't something those who buy the gadgets are interested in, so why bother? None of this is likely to impact sales.

      We need to impact sales. Labelling can help here. Think food labels. Stickers / government certification might actually be the best way forward. Require them on all retail IoT gadgets, detailing the security stance of the product. This goes for home-grade ADSL routers etc too. Better to allow configuration by telnet from the inside, than allow upnp or have default access from the outside. No retailer wants big red warning stickers on their boxes.

      2 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon