An Inside Look at IoT Malware

It has been reported that over 20 billion Internet of Things (IoT) devices have connected to the Internet, and the estimated number in 2020 will increase to 50.1 billion. Unlike traditional security-related areas, to which researchers have devoted effort for many years, research on IoT has only started to receive attention in recent years. IoT devices are exposed to many security problems, such as weak passwords, backdoors, and various vulnerabilities including buffer overflows, authentication bypasses and so on. In this paper, we systematically analyze multiple pieces of IoT malware that have appeared in recent years and classify them into two categories according to the way in which they infect devices: one infects IoT devices by brute-force attacks using a dictionary of weak usernames and passwords, while the other exploits unfixed or zero-day vulnerabilities found in IoT devices. We choose Mirai, Darlloz and BASHLITE as examples to illustrate the attacks. Finally, we present strategies to defend against IoT malware.
