A 12-year-old vulnerability in the OpenSSH security utilities suite is letting hackers launch massive distributed denial of service (DDoS) attacks using Internet of Things devices, according to new research.
The vulnerability has essentially enabled the “Internet of Unpatchable Things,” as there is no effective way to fix the problem in many devices, said Ory Segal, senior director of threat research at Akamai Technologies.
Last month, IoT devices were linked to a DDoS attack on the KrebsOnSecurity.com Web site that writer Brian Krebs called “among the biggest assaults the Internet has ever witnessed.” According to data from Arbor Networks, DDoS attacks are growing in size and frequency. By the end of 2016, the average attack is expected to be “large enough to knock most businesses offline,” the company said.
CCTV Devices, Modems, Routers at Risk
“After analyzing large data sets from Akamai’s Cloud Security Intelligence platform, we discovered several common features, which led us to believe that the IoT devices were being used as proxies to route malicious traffic against victim sites,” Akamai researchers Segal and Ezra Caltum wrote in their new report.
On further investigation, Segal and Caltum identified what they called “SSHowDowN Proxy” attacks that use an OpenSSH vulnerability to access the Web administration consoles of IoT devices to compromise data on those devices or, in some cases, take them over completely.
Among the devices likely to have that vulnerability are CCTV (closed circuit television) cameras and other devices for video surveillance, satellite antenna equipment, networking devices such as modems and routers, and Internet-connected network-attached storage devices.
Segal and Caltum are recommending that users of such devices try to protect themselves by always changing the factory default credentials for any Internet-connected devices they own. They said users should also completely disable the SSH service on every such device unless it’s needed for…