lolloj - Fotolia
The Hajime internet of things worm, which uses techniques similar to the Mirai botnet malware, apparently attempts to improve the security of the devices it infects -- rather than trying to damage or exploit them. It does not have any attack capabilities and instead displays a message from the author, who claims to be a non-malicious white hat hacker. How effective are vigilante malware efforts such as this? Could the Hajime IoT worm turn out to be malicious or have potential negative side effects?
Nick Lewis: At this point, it may seem that the only hope for securing IoT devices is to rely on cybervigilantes. The security industry seems to have little effect, at least so far. While regulation may help, there are still many questions about who should be responsible. Should enterprises that buy and deploy insecure IoT devices be held responsible? What about the manufacturers that made the devices, or the software developers who coded them? And what about the software development educators who failed to emphasize the importance of security? Don't forget the standards developers and industry consortia that should have been looking out for users. Aside from the ethical issues, questionable precedence and the many things that could go wrong if cybervigilantes are our only option, we need to think creatively about finding another solution.
That said, the Hajime IoT worm does appear to be capable of securing certain IoT devices. For example, it can disable the default ports used for remote control, which could improve the security of the devices, but it still leaves behind some of its own functionality that is capable of remotely controlling the device.
While the Hajime IoT worm attempts to ensure that only the worm's author can issue commands, by requiring all commands be signed with the author's private key, the remote control functionality could still be abused and used just like the Mirai botnet or worse. If the author hadn't included this functionality or had just coded the Hajime IoT worm to notify the vendor or the end user of the insecure device, rather modifying the device without permission, that might make it easier to see the benefit from the worm.
The key difference between the Hajime IoT worm and a legitimate remote administration tool that an enterprise might use is that an enterprise would want to control their own devices rather than the third party. Enterprises could then secure these devices and avoid most of the ethical issues.
Learn why IoT devices can be big business for cybercriminals
Read about Bricker bot, another IoT worm that attempts to do good
Find out about Wifatch, another piece of vigilanteware, and why it is risky
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading