The Hajime internet of things worm, which uses techniques similar to the Mirai botnet malware, apparently attempts to improve the security of the devices it infects -- rather than trying to damage or exploit them. It does not have any attack capabilities and instead displays a message from the author, who claims to be a non-malicious white hat hacker. How effective are vigilante malware efforts such as this? Could the Hajime IoT worm turn out to be malicious or have potential negative side effects?
Nick Lewis: At this point, it may seem that the only hope for securing IoT devices is to rely on cybervigilantes. The security industry seems to have little effect, at least so far. While regulation may help, there are still many questions about who should be responsible. Should enterprises that buy and deploy insecure IoT devices be held responsible? What about the manufacturers that made the devices, or the software developers who coded them? And what about the software development educators who failed to emphasize the importance of security? Don't forget the standards developers and industry consortia that should have been looking out for users. Aside from the ethical issues, the questionable precedent and the many things that could go wrong if cybervigilantes are our only option, we need to think creatively about finding another solution.
That said, the Hajime IoT worm does appear to be capable of securing certain IoT devices. For example, it can disable the default ports used for remote control, which could improve the security of the devices, but it still leaves behind some of its own functionality that is capable of remotely controlling the device.
While the Hajime IoT worm attempts to ensure that only the worm's author can issue commands, by requiring that all commands be signed with the author's private key, the remote control functionality could still be abused and used just like the Mirai botnet, or worse. If the author hadn't included this functionality, or had just coded the Hajime IoT worm to notify the vendor or the end user of the insecure device rather than modifying the device without permission, that might make it easier to see the benefit of the worm.
The key difference between the Hajime IoT worm and a legitimate remote administration tool that an enterprise might use is that an enterprise would want to control its own devices rather than have a third party control them. Enterprises could then secure these devices and avoid most of the ethical issues.