Monday, 05 December 2016 14:29

IoT eminently hackable – 900,000 routers down and millions vulnerable Featured


Hacked Internet of Things (IoT) devices are powering massive botnets and cybercriminals are offering DDoS attacks as a service. A total of 900,000 ZyXEL routers took down Deutsche Telekom users last week.

The IoT is essentially it is anything that connects to the Internet apart from a computer. That includes Wi-Fi routers, security cameras, thermostats, home appliances to sensors used in industrial and manufacturing applications.

IoT is inherently insecure – a lack of standards, operating systems, embedded passwords, and manufacturer’s backdoors make it so. For example, a team of security experts hacked 12 of 16 most common Bluetooth smart locks used in the US. Smart thermostats, security cameras and kids toys have also been hacked.

All IoT devices have some capability to send email alerts, or access the Internet to upload data and receive instructions and that is why access to them is sought after by hackers. According to Motherboard,  two hackers have created a new powerful zombie army of hacked IoT devices for rent to launch DDoS attacks.

The hackers claim to have improved on the Mirai “virus” enabling it to troll the Internet, find insecure devices, and bring them into the botnet. They now have over a million devices under control.

“The original Mirai was easy to take, like candy from kids,” the hacker, who calls himself BestBuy, told Motherboard in an online chat, referring to other competing hackers, who’ve been fighting in an online turf war to control vulnerable devices in the last few weeks.

Flashpoint puts the figure at around five million devices as the new Mirai virus finds more targets. It says while the original Mirai propagated over TCP/23 (Telnet) and TCP/2323 and leveraged default usernames and passwords, this new variant of Mirai utilizes the TR-064 and TR-069 protocols over port 7547 and exploits a known vulnerability to gain control of devices.

Flashpoint says it was used to take down 900,000 routers on the Deutsche Telekom network last week. It says infected devices have been found in the following countries: United Kingdom, Brazil, Turkey, Iran, Chile, Ireland, Thailand, Australia, Argentina, Italy, and Germany.

Though the number of infected devices is unknown, some estimates put the total number of devices with port 7547 open at around 41 million, and devices that allow non-ISPs access to provisioning networks number up to five million. If even a fraction of these vulnerable devices are compromised, they would add considerable power to an existing botnet.

While almost all ADSL routers have port 7547 open, most of the ones used on Deutsche Telekom were supplied by ZyXEL. It has responded that, “it is aware of the issue and assures customers that it is handling it with top priority. We have conducted a thorough investigation and found that the root cause of this issue lies with one of our chipset providers".

If that is really the issue then the world needs to worry – ZyXEL uses Broadcom chips as used in most brands and models of routers and provide TR-069 remote ISP management as standard.

Part of the problem is that the consumer routers have been incorrectly configured, says Johannes Ullrich, dean of research at the SANS Institute of Technology. The attacks exploited a software vulnerability via a remote administration setting usually restricted to ISPs.

"These remote admin protocols are supposed to use authentication and access restrictions but it appears they are not implemented correctly,” he says. Ullrich says he hopes the attacks will serve as a wake-up call for ISPs, but, "there are likely many so far unknown vulnerabilities left in the various implementations of these remote admin protocols".

Tod Beardsley, senior security research manager at Rapid7, said “While we have been warning about crummy routers and switches at home for years and years, I wasn't expecting to see the Mirai botnet become this IoT attack platform. It turns out it's a pretty decent platform for subbing in new attacks for old ones. A lot of these modems are rebranded by ISPs."

In the US, a DDoS attack was identified on Thanksgiving Eve and over the Black Weekend sales, involving involved 400Gbps attacks for hours on end. Within 24 hours the attacks became 24/7.

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Ray Shaw

joomla stats

Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News