Brickerbot wants to break your devices

A new kind of malware could make your smart devices as useful as bricks. But there are ways to protect yourself.

Smart devices are under attack by new malware

Dan Misener CBC News Posted: Apr 11, 2017 5:01 PM EDT | Last Updated: April 12, 2017

No one knows who is behind Brickerbot or what's motivating them. (Kacper Pempel/Reuters)

There's a new kind of computer malware on the block. It doesn't want to spy on youor hold your data for ransom. Instead, it wants to corrupt and destroy your computer hardware. And it's called Brickerbot.

What is Brickerbot?

Brickerbot is a type of malware malicious software that was discovered by a researcher at a cybersecurity company called Radware.Brickerbot is a particularly nasty piece of softwarebecause its goal is to renderyour devices unusable.

Brickerbot wants to mess up your smart baby monitor. ((Ted Kritsonis))

For example, let's say you havea security camera that's hooked up directly to the internet. Brickerbot would try to remotely log in to your camerathen try to break it.Pascal Geenensis the researcher who discovered this malware. He said this is what's called a "Permanent Denial of Service" attack.

He explained:"A permanent denial of service attack is typically where you will try to override softwareor try to destroy hardware in such a way that the device cannot be recovered without experts doing recovery on the device."

This malware tries to make your devices about as useful as a brick, hencethe name Brickerbot.The attacks were first identified last monthand are still going on.

Didn't this same thing happen last year?

We saw a very similar type of remote attack last yearwith the Mirai botnet.Mirai was used in several large-scale network attacks, including the attacks that took down Twitter, Reddit, Netflix, Airbnband others.

The Mirai botnet made it impossible to Netflix and chill (Elise Amendola/Associated Press)

Like Brickerbot, Mirai works by scanning the internet, looking for vulnerable internet of things devices, like cameras, home routers anddigital video recorders.When it finds one, it installs malware on the deviceand makes it part of a botnet, which is basicallya large army of devices that can be used as weapons to take down websites.Instead of trying to recruit your devices into a bot army, Brickerbottries to mess them up so they don't work anymore.

What type of devices are vulnerable to this type of attack?

Brickerbot seems to be going after a number of different internet of things devices that are directly connected to the internet,meaning they have IP addresses that are publicly available on the internet. They also seem to be targeting devices that run embedded versions of Linux,like routers, IP cameras anddigital video recorders.

Part of the issue with some of these devices is that out of the box, they have a default password. And if nobody changes that password, it's easy for malware like Mirai or Brickerbot to get in and wreak havoc.

Changing factory-set passwords can help protect your smart devices from Brickerbot, but that can be tricky to do. (Shutterstock)

According to Geenens, for some internet of things devices, it can be very difficult to change the default password.

"Now the big problem that we have today if you are a consumer is, how do I know my device is secure? I go buy a smart fridge, how do I know it's secure?" he said. "There is no third party organization that gives out the label for security. So that means that we have to trust the vendors."

Geenens says he's seen plenty of internet of things devices that claim to be secureand aren't.

Why would someone design a bot to destroy devices like this?

We don't know who created Brickerbot, so it's difficult to understand their motivations.With Mirai last year, it makes more sense. If you can create a botnet out of hundreds of thousands or millions of internet of things devices, you can sell access to your botnet. There are financial incentives.

It's less obvious why someone would want to create software that renders the internet of things unusable.But there are a few theories. One is that Brickerbot was created by someone who's upset by the current state of security in the internet of things. The second is that it's someone who's angry at device manufacturers for not fixing security issues like easily guessable default passwords.

It's possibleBrickerbot is designed to be a sort of vigilante, disabling internet of things devices before they can become part of a botnet.

Brickerbot could make it lights out for your smart light switch. (Steve Marcus/Reuters)

What can individuals do to protect themselves from this type of attack?

The good news is many consumer devices on the internet of things are sitting behind a gateway like router so they're not directly addressable from the public internet.

Last fall, when the Mirai botnet was in the news,I talked to security expert Ken Munro.

Munrosaidif you're considering an internet of things device, like a smart thermostat or internet-connected baby monitor,you should go for a brand name that you recognize and trust since well-known companies are more likely to issue updates that fix security holesand patch vulnerabilities when they are found.

The other option, is simply to avoid so-called "smart home" devices, though that's becoming increasingly difficult. If you dohave deviceshooked up to the internet like a router,camera, or DVR I recommend looking up how to change the default password,because the security experts I've spoken to think we're only going to see more of this type of attack.

CBC's Journalistic Standards and Practices|About CBC News

Corrections and clarifications|Submit a news tip|