Friday, October 28, 2016

There May Be A Way To Hack The IoT Botnet Hackers

From The Register:

Researchers expose Mirai vuln that could be used to hack back against botnet
Exploit can halt attacks from IoT devices
Security researchers have discovered flaws in the Mirai botnet that might be used to mitigate against future attacks from the zombie network.

Scott Tenaglia, a researcher at endpoint security firm Invincea, found a weakness in the HTTP flood attack that Mirai is capable of mounting. Specifically, a stack buffer overflow vulnerability in the code offers a means to crash the process, and therefore terminate the attack from that bot.
Flood attacks are the most straightforward (and crude) way to DDoS a website. The flaw might be leveraged to stop such attacks, though crucially not offering a way to prevent other forms of assault.
This simple "exploit" is an example of active defence against an IoT botnet that could be used by any DDoS mitigation service to guard against a Mirai-based HTTP flood attack in realtime. Although it can't be used to remove the bot from the IoT device, it can be used to halt the attack originating from that particular device. Unfortunately, it's specific to the HTTP flood attack, so it would not help mitigate the recent DNS-based DDoS attack that rendered many websites inaccessible....