Reply to post: Re: Hajime discovers devices on TCP port 23

Mysterious Hajime botnet has pwned 300,000 IoT devices

Meph

Re: Hajime discovers devices on TCP port 23

There's a certain percentage of regular Joes that believe their web browser is "Windows" and that the screen is the computer. They have more network bandwidth available than they'll ever use, and will in all likelihood, never notice that their fridge, TV and microwave all moonlight as minions of a botnet herder, regardless of hat colour or orientation.

Educating the masses isn't even really a viable answer, because there are too many out there who convert information to white noise on the basis that they "can't possibly understand this technology", so they refuse to even try.

The coup de grâce arrives via the medium where a branded offering with all the appropriate security built in is invariably more expensive than the cheap 'n cheerful version that can be hacked with an etch a sketch. This results in good old Joe buying the one that makes his wallet cry less, and leaves the door wide open to exploitation.

Perhaps there's a way to resolve the issue with the power of those of us working in the world of IT, by making Telnet/SSH access through commercial ISPs an optional extra (perhaps even for a token fee). This way, only people who both know what SSH is, as well as knowing the risks they're taking will buy it, and it might force manufacturers to use other ports for their IoT devices to phone home. At the very least, it will remove remote admin access as a potential attack vector.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon