SECURITY EXPERTS have warned that Mirai, the malware behind an Internet of Things (IoT) botnet, could be adapted to survive device reboots, enabling hackers to build bigger and more disruptive botnets.
Mirai is able to take over insecure IoT devices, enabling attackers to build botnets that they can use in attacks - either surreptitious attacks or aggressive distributed denial of service (DDoS) attacks.
The malware surfaced last year when it infected, en masse, home security systems and digital video recorders (DVRs), which were running old versions of the open source operating system Linux.
Mirai is, perhaps, best known for its part in the DDoS attack on internet infrastructure firm Dyn, which caused problems accessing sites including Amazon, Netflix and Twitter.
Malware in IoT devices generally survives until the user reboots the equipment, clearing the memory and erasing any trace of malware from the device.
However, researchers from Pen Test Partners have discovered a new vulnerability that could enable the Mirai IoT worm and other IoT malware to survive between device reboots - creating what would be a far more resilient or even permanent IoT botnet.
In a blog post, the company claimed to have found a route to remotely fix devices vulnerable to Mirai, but said that this same method could be used to make Mirai persistent beyond a power-off reboot.
It added that other widely used malware, such as Hajime and BrickerBot, used a different, less effective method in a bid to ensure pervasiveness.
The company said that it would not publish details about the method for fear that cyber criminals could use it to create a persistent Mirai botnet.
However, the researchers did reveal some details of other vulnerabilities that Mirai could exploit to become even more of a threat.
These included new DVR default credentials that could be added to Mirai's built-in worm component, a DVR brand that used daily-changing passwords, which had been published online in documentation, and a directory traversal bug that enables attackers to recover password hashes from remote DVRs.
If attackers exploited any of these, it could give Mirai a new lease of life and make it an even more serious threat than it already is.