How to check if your IoT device is vulnerable to Mirai malware?

In September, the well-known cyber security expert Bruce Schneier wrote an article in which he talked about hackers learning to take down the entire internet. The prophecy of Bruce Schneier came true when a month later internet was actually taken down by a DDoS attack on the core internet infrastructure that involved use of Internet of Things devices.

A massive Distributed Denial of Service (DDoS) attack was launched against the Domain Name System (DNS) servers hosted by the management firm Dyn. The DNS servers hosted by Dyn are used by many popular websites like Github, Twitter and Reddit. The result? These popular websites remained inaccessible throughout the day. The DDoS attack was carried out with the help of the infected IoT devices whose number is increasing daily ever since the Mirai malware source code was publicly released by a hacker over the internet. The surprising factor about the attack was that the companies that monitor internet infrastructure reported that the attack made use of only 10% of the Mirai botnets which currently has got around half a million infected IoT devices in its arsenal.

Since the public release of the Mirai botnet, everyone who has an IoT device needs to be cautious and secure the device to prevent it from getting infected and turning into a botnet that is used by hackers to carry out cyber-attacks just like the one that happened with Dyn. Similarly, the companies that sell these devices also need to gear up their security level. Luckily there is a tool called Bullguard’s IoT Scanner, with which you can check if any IoT device over your network is vulnerable to Mirai malware. If the result shows so, it’s time to contact the manufacturer or lookout for the solutions to the same and fill up vulnerable gaps.

The Bullguard’s IoT Scanner will help you detect any IoT devices on your home network that are publicly exposed and can be accessible to hackers. The tool makes use of Shodan, a search engine for locating unprotected computers and webcams. If the scan results highlight any device on your network that is potentially accessible to hackers, its time you change the login credentials using the device App or any other admin panel provided by the vendor. If you purchase any new IoT product, you should change the username and password because Mirai malware uses a list of default credentials to scan for vulnerable devices and infect them. Taking such steps will protect your device to a reasonable extent. However, complete security can’t be granted because of existing vulnerabilities in the software of IoT devices.