Monday, 05 December 2016 14:29

IoT eminently hackable – 900,000 routers down and millions vulnerable


Hacked Internet of Things (IoT) devices are powering massive botnets and cybercriminals are offering DDoS attacks as a service. A total of 900,000 ZyXEL routers went down last week, taking Deutsche Telekom users offline.

The IoT is essentially anything that connects to the Internet apart from a computer. That includes Wi-Fi routers, security cameras, thermostats and home appliances, through to sensors used in industrial and manufacturing applications.

IoT is inherently insecure – a lack of standards, operating systems, embedded passwords, and manufacturers’ backdoors make it so. For example, a team of security experts hacked 12 of the 16 most common Bluetooth smart locks used in the US. Smart thermostats, security cameras and kids’ toys have also been hacked.

All IoT devices have some capability to send email alerts, or access the Internet to upload data and receive instructions, and that is why access to them is sought after by hackers. According to Motherboard, two hackers have created a powerful new zombie army of hacked IoT devices for rent to launch DDoS attacks.

The hackers claim to have improved on the Mirai “virus”, enabling it to trawl the Internet, find insecure devices, and bring them into the botnet. They now have over a million devices under control.

“The original Mirai was easy to take, like candy from kids,” the hacker, who calls himself BestBuy, told Motherboard in an online chat, referring to other competing hackers, who’ve been fighting in an online turf war to control vulnerable devices in the last few weeks.

Flashpoint puts the figure at around five million devices as the new Mirai virus finds more targets. It says while the original Mirai propagated over TCP/23 (Telnet) and TCP/2323 and leveraged default usernames and passwords, this new variant of Mirai utilizes the TR-064 and TR-069 protocols over port 7547 and exploits a known vulnerability to gain control of devices.

Flashpoint says it was used to take down 900,000 routers on the Deutsche Telekom network last week. It says infected devices have been found in the following countries: United Kingdom, Brazil, Turkey, Iran, Chile, Ireland, Thailand, Australia, Argentina, Italy, and Germany.

Though the number of infected devices is unknown, some estimates put the total number of devices with port 7547 open at around 41 million, and devices that allow non-ISPs access to provisioning networks number up to five million. If even a fraction of these vulnerable devices are compromised, they would add considerable power to an existing botnet.
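A defender-side check built on the ports Flashpoint names, as an added example that is not part of the original article: it counts inbound connection attempts per source on the Telnet ports and on port 7547, ignoring 7547 traffic that comes from the ISP's own provisioning servers. The iptables-style log lines, the allowlist range and all names are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named in the article: Telnet for the original Mirai, 7547 for the new variant.
PORT_FAMILY = {23: "mirai-telnet", 2323: "mirai-telnet", 7547: "tr-064/tr-069"}

# Assumption: the ISP's provisioning servers sit in this (documentation) range.
ACS_ALLOWLIST = [ipaddress.ip_network("198.51.100.0/28")]

# Matches the SRC, PROTO and DPT fields of an iptables LOG line (TCP only).
LOG_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")

# Constructed sample log; every address is from a documentation range.
SAMPLE_LOG = """\
Dec  1 10:00:01 cpe kernel: IN=wan0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=7547 SYN
Dec  1 10:00:03 cpe kernel: IN=wan0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40113 DPT=7547 SYN
Dec  1 10:00:09 cpe kernel: IN=wan0 OUT= SRC=198.51.100.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=7547 SYN
Dec  1 10:01:12 cpe kernel: IN=wan0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=33010 DPT=23 SYN
Dec  1 10:01:13 cpe kernel: IN=wan0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=33011 DPT=2323 SYN
Dec  1 10:02:00 cpe kernel: IN=wan0 OUT= SRC=203.0.113.20 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=44000 DPT=443 SYN
Dec  1 10:02:05 cpe kernel: IN=wan0 OUT= SRC=203.0.113.21 DST=192.0.2.10 LEN=60 PROTO=UDP SPT=5353 DPT=7547
"""


def classify(log_text, allowlist=ACS_ALLOWLIST):
    """Return {family: {source_ip: attempts}} for the ports of interest."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a TCP line, or not a firewall log line
        family = PORT_FAMILY.get(int(m["dpt"]))
        if family is None:
            continue  # port not associated with either Mirai variant
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed source field
        # Provisioning traffic from the ISP's own servers is expected on 7547.
        if int(m["dpt"]) == 7547 and any(src in net for net in allowlist):
            continue
        hits[family][str(src)] += 1
    return {family: dict(sources) for family, sources in hits.items()}


if __name__ == "__main__":
    for family, sources in classify(SAMPLE_LOG).items():
        print(family, sources)
```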

While almost all ADSL routers have port 7547 open, most of the ones used on Deutsche Telekom were supplied by ZyXEL. It has responded that “it is aware of the issue and assures customers that it is handling it with top priority. We have conducted a thorough investigation and found that the root cause of this issue lies with one of our chipset providers”.

If that is really the issue then the world needs to worry – ZyXEL uses Broadcom chips, which are used in most brands and models of routers and provide TR-069 remote ISP management as standard.

Part of the problem is that the consumer routers have been incorrectly configured, says Johannes Ullrich, dean of research at the SANS Institute of Technology. The attacks exploited a software vulnerability via a remote administration setting usually restricted to ISPs.

“These remote admin protocols are supposed to use authentication and access restrictions but it appears they are not implemented correctly,” he says. Ullrich says he hopes the attacks will serve as a wake-up call for ISPs, but “there are likely many so far unknown vulnerabilities left in the various implementations of these remote admin protocols”.

Tod Beardsley, senior security research manager at Rapid7, said, “While we have been warning about crummy routers and switches at home for years and years, I wasn't expecting to see the Mirai botnet become this IoT attack platform. It turns out it's a pretty decent platform for subbing in new attacks for old ones. A lot of these modems are rebranded by ISPs.”

In the US, a DDoS attack was identified on Thanksgiving Eve and over the Black Weekend sales, involving 400Gbps attacks for hours on end. Within 24 hours the attacks became 24/7.


Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!
