cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
22,060
Brickerbot is a new strain of malware that intentionally bricks unsecured Linux BusyBox-based IoT devices. Unsecured devices are typically placed into service without changing the default password, thus allowing anyone that can Google the default password for a product line to take control of them. Researchers think that it is the work of a vigilante, as although the malware intentionally renders the device useless, it doesn't do more malicious things such as add it to a botnet. This gives the impression that the person who wrote the code wants to create awareness of the issues of running unsecured IoT devices by destroying them.

There are a couple of variants of the malware and both accomplish the same task. By using brute force tactics, the malware is able to discover open Telnet ports on unsecured devices. From there it performs a series of commands that render the device useless within seconds. According to the article, this is called PDoS (Permanent Denial of Service) by experts but is also known as "phlashing." Again researchers are concerned because rendering a device useless doesn't benefit the attacker by creating a botnet or educate consumers on proper security. This is a new phenomenon according to industry experts and infers hatred against IoT devices.

The entirety of the Radware security advisory can be viewed online. Here is an excerpt.

Imagine a fast moving bot attack designed to render the victim’s hardware from functioning. Called Permanent Denial-of-Service (PDoS), this form of cyber-attack is becoming increasingly popular in 2017 as more incidents involving this hardware-damaging assault occur. Also known loosely as “phlashing” in some circles, PDoS is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. By exploiting security flaws or misconfigurations, PDoS can destroy the firmware and/or basic functions of system. It is a contrast to its well-known cousin, the DDoS attack, which overloads systems with requests meant to saturate resources through unintended usage. Over a four-day period, Radware’s honeypot recorded 1,895 PDoS attempts performed from several locations around the world.
 
That fancy new smart AC gets bricked. House becomes intolerable that July afternoon at 110 F.
That fancy new smart fridge gets bricked. All perishables get tossed. And hopefully before spoilage begins.
 
For a forum full of techies a lot of you guys sure are anti-tech lol.

I'm not anti Tech, I'm anti Stupid Tech. There are things that just don't need to be hooked up to the internet for any reason. Or if you absolutely insist that something that has no business on the internet be so anyway, then you should at least be responsible enough to change your damn password. So don't expect me to be sympathetic to someone hooking something stupid up to the internet and still being too damn lazy/dumb to practice at least basic security.
 
I'm not anti Tech, I'm anti Stupid Tech. There are things that just don't need to be hooked up to the internet for any reason. Or if you absolutely insist that something that has no business on the internet be so anyway, then you should at least be responsible enough to change your damn password. So don't expect me to be sympathetic to someone hooking something stupid up to the internet and still being too damn lazy/dumb to practice at least basic security.

You keep saying that while I check my phone to see if I have milk and eggs in the fridge before I get home from work :p

I love technology, my Nest has saved me a ton on my electric bill. I use my echo to quickly reorder things like dog foods or add a reminder to my list or calendar. I just love the convenience of a smart home. Maybe I am just a product of my generation and growing up around tech.
 
You keep saying that while I check my phone to see if I have milk and eggs in the fridge before I get home from work :p

I love technology, my Nest has saved me a ton on my electric bill. I use my echo to quickly reorder things like dog foods or add a reminder to my list or calendar. I just love the convenience of a smart home. Maybe I am just a product of my generation and growing up around tech.

I grew up around tech, actually being a Gen Xer I got to benefit directly from the massive changes that tech brought. That said, I don't need my fridge connected to the internet to remember what is in it. As far as my electric bill goes, the only thing Nest does that a high end digital thermostat doesn't is connect to the internet. I've had a fully digital and programmed thermostat for over a decade before the nest came out. I don't know why you would need to check your thermostat from your phone..basically ever. Hell I don't even remember the last time I even had to touch mine at all. It turns on the heat when it gets too cool and auto turns on the AC if too warm. I mean you talk about convenience, but the two things you mention I just don't see changing my life on any level. I mean I suppose if my memory was shit and I couldn't remember things longer than 10 minutes.
 
Hrmmm, in my home the only thing I have is a Nest thermostat - which was a gift (and I'll admit, we do like being able to adjust the A/C from our bed at night). No Smart TV. No smart refrigerator.... I guess my Chromecasts count though....
 
I grew up around tech, actually being a Gen Xer I got to benefit directly from the massive changes that tech brought. That said, I don't need my fridge connected to the internet to remember what is in it. As far as my electric bill goes, the only thing Nest does that a high end digital thermostat doesn't is connect to the internet. I've had a fully digital and programmed thermostat for over a decade before the nest came out. I don't know why you would need to check your thermostat from your phone..basically ever. Hell I don't even remember the last time I even had to touch mine at all. It turns on the heat when it gets too cool and auto turns on the AC if too warm. I mean you talk about convenience, but the two things you mention I just don't see changing my life on any level. I mean I suppose if my memory was shit and I couldn't remember things longer than 10 minutes.

The Nest can detect when you're not home so it can turn off the AC. It can detect when you're getting home so it'll start to cool down the house. I can control it from my bed and I can control it when I am away. I have saved well over $100/month with the Nest. Florida heat and my home has terrible insulation. As for the fridge, convenience; lets say a family member brought milk during the afternoon, instead of calling to find out I can just check what's inside and immediately make the decision to not stop for milk on the way home from work. I don't see how having a calendar to put appointments and reminders in is not having good memory. Maybe I am just a very busy individual.
 
Last edited:
I grew up around tech, actually being a Gen Xer I got to benefit directly from the massive changes that tech brought. That said, I don't need my fridge connected to the internet to remember what is in it. As far as my electric bill goes, the only thing Nest does that a high end digital thermostat doesn't is connect to the internet. I've had a fully digital and programmed thermostat for over a decade before the nest came out. I don't know why you would need to check your thermostat from your phone..basically ever. Hell I don't even remember the last time I even had to touch mine at all. It turns on the heat when it gets too cool and auto turns on the AC if too warm. I mean you talk about convenience, but the two things you mention I just don't see changing my life on any level. I mean I suppose if my memory was shit and I couldn't remember things longer than 10 minutes.

There are times when the presets simply dont work and it needs to be adjusted so bedridden individuals would disagree with you. Not everyone has the luxury of walking.

Also the nest does a lot more than you give it credit for. It can shut off the compressor early and still reach the target temperature for example. I had one of the "expensive" programmable digital thermostats prior to getting a nest. It was programmed and kept my temperature where I wanted it 98% of the time (there will always be times when youre normal preferences dont apply..i.e. if you get sick). Still I rarely touched the thing. Then I got a Nest, which I never touch - it learned my schedule on its own, and optimized it. Plus my electricity bill went down by about $75/month with no other changes to the house...
 
You haven't learned that 'security before convenience' lesson yet, give it some time.

I like the fact that technology has infiltrated my life, I have google tracking running 24/7 so I know where I have been and how long. I love having cameras in my house so I can see what's going on when I am away. I even let google monitor my internet for a free router at one point. I am all for privacy but for myself I could give a damn. I have suffered hacks but nothing personal. As long as my home is safe, I am happy with everything.
 
I like some of the "smart" home stuff.

I got a nest years ago for 2 reasons. 1) the ability to pull up the settings/schedule on my computer. as someone who at the time was also doing some HVAC work, i really hate the small displays. Trying to code anything in them via the little display is like trying to enter a long cheat code via a console controller LOL

my nest i can bring up the unit on my 29" screen and quickly make changes. I also like how i can change the temp remotely. When we first got it my schedule was very variable, so it was nice to be able to turn the AC on early as i was getting home.

the other thing I have is my irrigation system using a product called irrigationcaddy. there is NO display or controls on the unit at all. I have it connected to my network using ethernet over power adapters, since its out in the garage, and on my computer i bring up the interface and can makes all changes quickly and easily. Now it does have the option to allow remote access, but I dont see any need, for me, to do so. so that is disabled.

but it does have one thing i like, the OPTION to connect externally.

what i would really like to see is some centralized server software i can install on a small PC, like what i have pfsense installed on, that all my smart home devices connected to it. then through it, i could select which devices had remote access, and could secure as needed.

but sadly, everyone right now has their own product that might meet 1 need, but nothing more. so we end up having to get all sorts of devices from various manufactures that dont work with each other.
 
I am just going to be blunt, if Nest dropped your electricity bill $75-$100 a month, you either had a trash thermostat or didn't know how to program it. I've lived in Central Fla with the thermostat I have and I've lived in NY State. In a 2000 SQ ft house my electricity bill in both places has never exceeded $130/mo winter or summer. I don't freeze in the winter or sweat in the summer. Like I said, there is nothing the nest does that cannot be done with a "Good" thermostat beyond the phone convenience thing. Like I said though, my problem is not with the device itself, if you like it great. My entire point is that if you are going to have something like that you should at least know enough about it to have some security in place. I mean honestly the only thing I really find absurd is the whole smart fridge thing. I mean honestly even with 2 young kids it isn't that hard, but being fair perhaps this is the difference in my generation. We learned how to memorize important information, the younger generation never did as they had technology to do it for them the entire time. Either way the main point is not that this kind of tech is bad (stupid in most cases, but not bad), but that if you are going to have it you had better know how to secure it.
 
For a forum full of techies a lot of you guys sure are anti-tech lol.

The group here is not a bunch of young enthusiastic tech guys anymore, they have grown older and more set in their ways. Kind of how like many generations get over time, their way was always the best way growing up. I remember hearing arguments about how rotary phones are faster to dial because you know where the placement is versus dial pad.
 
For a forum full of techies a lot of you guys sure are anti-tech lol.

Just because you like tech doesn't mean you have to like ALL tech.

There is good tech, and there is bad tech.

Everything "IoT" and "cloud" is bad tech, that should never have seen the light of day and needs to be destroyed.

That's like suggesting because we are all into tech, we should all embrace Infinium Labs or Bitboys OY.
 
IOT is interesting but the only way im going to use it is if there is a controller in my house which I can connect to over a vpn with no connections to the internet by the devices themselves period. That is how I set up stuff for my clients and if the hardware does not support it then it does not get used.
 
The problem with a lot of these insecure devices is that the burden is carried by the consumer and even the internet at large when they are commandeered. By bricking them outright, they are taking them off the botnet game board, inconveniencing the irresponsible user and threatening the irresponsible business model of the manufacturer. Not legal but to quote Drew Barrymore, it's "not not-sexy".
 
IOT is interesting but the only way im going to use it is if there is a controller in my house which I can connect to over a vpn with no connections to the internet by the devices themselves period. That is how I set up stuff for my clients and if the hardware does not support it then it does not get used.

And that would be so expensive I would expect you wouldn't buy it. I do agree that would be a nice way of it being done but so many would not understand that the EAU for such a product would be so low they would have to bump price to offset overhead.

It is sad that everything is so cost driven that the best ideas don't see the light of day because it is a race to the bottom.
 
I am just going to be blunt, if Nest dropped your electricity bill $75-$100 a month, you either had a trash thermostat or didn't know how to program it. I've lived in Central Fla with the thermostat I have and I've lived in NY State. In a 2000 SQ ft house my electricity bill in both places has never exceeded $130/mo winter or summer. I don't freeze in the winter or sweat in the summer. Like I said, there is nothing the nest does that cannot be done with a "Good" thermostat beyond the phone convenience thing. Like I said though, my problem is not with the device itself, if you like it great. My entire point is that if you are going to have something like that you should at least know enough about it to have some security in place. I mean honestly the only thing I really find absurd is the whole smart fridge thing. I mean honestly even with 2 young kids it isn't that hard, but being fair perhaps this is the difference in my generation. We learned how to memorize important information, the younger generation never did as they had technology to do it for them the entire time. Either way the main point is not that this kind of tech is bad (stupid in most cases, but not bad), but that if you are going to have it you had better know how to secure it.

Try living in Florida where it's nearly 90+ all year around and in a flat roof home with little to no insulation. My bill exceeds $250/month on a average in our 2200 sqft home. Oh and we never use heat, so windows open during the cooler days to help lower the bill during those months. Our old A/C ran nearly 24/7 because our house felt hot all day. The Nest has solved those problems by only running at the right time of days and automatically adjusting on days it knows the weather will be cold out. Could I sit there and program or switch an old thermostat ever few hours to make sure it's the right temperature all year round? Yes, but why the heck would I subject myself to that when the Nest does it for me. There's no argument that the Nest is one of the handiest things to own right now and those against it are just stubborn in my opinion.

Smart fridge is nice, I like it :)
 
Just because you like tech doesn't mean you have to like ALL tech.

There is good tech, and there is bad tech.

Everything "IoT" and "cloud" is bad tech, that should never have seen the light of day and needs to be destroyed.

That's like suggesting because we are all into tech, we should all embrace Infinium Labs or Bitboys OY.

Lol, even the cloud is bad tech? I had a family member whos phone randomly crashed and wouldn't boot up one day, completely dead. The only thing keeping his 5+ years of photos he took was that I made sure he setup his google account to sync his photos online. Now he loves the cloud, best thing ever made. How could you call that bad tech?

If I was a celebrity or some kind of high profile target of hackers, then yeah I guess you have the right to be afraid. Luckily I am just some normal guy and if someone wants to break into my google account and steal photos of me and my friends at a BBQ or something, I guess they can enjoy the fap. Although I do have 2 factor authentication on everything and never use the same password twice so I think I should be ok as long as google maintains their security. Of course, anything can happen.
 
Lol, even the cloud is bad tech? I had a family member whos phone randomly crashed and wouldn't boot up one day, completely dead. The only thing keeping his 5+ years of photos he took was that I made sure he setup his google account to sync his photos online. Now he loves the cloud, best thing ever made. How could you call that bad tech?

The risks outweigh the benefits by far. The benefits could be similarly attained by just having the common sense to back things up every now and then.

Remember, there is no "cloud". It's just someone else's computer. You don't control it, and thus you can't trust it.
 
The risks outweigh the benefits by far. The benefits could be similarly attained by just having the common sense to back things up every now and then.

Remember, there is no "cloud". It's just someone else's computer. You don't control it, and thus you can't trust it.

Not everyone has that kind of tech experience and the cloud just makes life easier. The more technology gets intergrated into the lives and the easier it becomes to use, the more it will be prevailent in our current society. There's a reason Macs and Apple were/are one of the highest selling products in our generation. People like easy.
 
Not everyone has that kind of tech experience and the cloud just makes life easier. The more technology gets intergrated into the lives and the easier it becomes to use, the more it will be prevailent in our current society. There's a reason Macs and Apple were/are one of the highest selling products in our generation. People like easy.


People can like "easy" all they want, it still doesn't make "easy" a wise choice. Taking shortcuts, cutting corners, these things almost always result in trouble.

upload_2017-4-7_13-31-38.png
 
I love the IoT stuff. I love home automation. All these "smart devices" are awesome. It's like those 50's look into the future pictures, but better (I sure wish we'd have those again, looking into the future type of stuff...).

However, I always make sure that if the shit goes down, I have a manual way to operate things. SmartThings goes down? I have manual switches. Irrigation stuff goes down? Manually operate the valve.

It's fun, it's cool, it's exciting stuff.

I'm too young to know most of that stuff, but even as a kid there were a lot of people guessing what the future would hold. You don't see it much anymore.

This kind of stuff: https://www.reddit.com/r/RetroFuturism/
 
People can like "easy" all they want, it still doesn't make "easy" a wise choice. Taking shortcuts, cutting corners, these things almost always result in trouble.

View attachment 21334

I just feel like all this FUD is too dramatic. Is tech vulnerable to hacking and breaches? Yes. But in time we will adapt, unfortunately hackers adapt too, it's a constant struggle to maintain equilibrium which humans and technology will be fighting forever. For me on the other hand, I'll just enjoy it while I am here.

Of course for certain things we definitely shouldn't rely on technology but I don't think my house is going to explode because my fridge got hacked. But maybe keep the internet away from nuclear missiles and launch codes.
 
This morning power went out, i know this because all my lights default to ON state when power restores, part of the basic function of them so you can still use them with a light switch if needed. Still a startling sensation, but I do like being able to command lights as I walk in the door or have them come on when I pull in the driveway.
 
This morning power went out, i know this because all my lights default to ON state when power restores, part of the basic function of them so you can still use them with a light switch if needed. Still a startling sensation, but I do like being able to command lights as I walk in the door or have them come on when I pull in the driveway.

I have mine setup to color shift like a morning sunrise, and my amazon echo plays the theme from 2001, it's a very dramatic way to wake up lol.
 
Or maybe the h4X0R was having a bad day and was cranky...

But I'm betting he was more likely on a power trip. A lot of hackers do get highs from taking over someone's machine.
 
Back
Top