Skip to main content

Linux Malware found that can infect home appliances

Researchers have honed in on a Linux worm capable of infecting all manner of Internet-connected home devices, including routers, set-top boxes, security cameras, thermostats and smoke alarms, among others.

The worm, dubbed Linux.Darlloz, only infects devices that run on Intel x86 CPUs, but as a proof-of-concept malware, signals a worrying vulnerability in the increasing spread of the Internet of things.

Symantec researcher Kaoru Hayashi wrote on his blog last week that "Although no attacks against these devices have been found in the wild, many users may not realize they are at risk, since they are unaware they own devices that run Linux."

Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target.

Linux is the best known open source operating system, and has been a cornerstone of the spread of Internet-connected devices.

Due to the increasing spread of the so-called Internet of things, many users "may not be aware that they are using vulnerable devices in their homes or offices," he warned.

According to Hayashi, the newly-discovered Linux.Darlloz worm could even be used to attack "industrial control systems."

Symantec offered the following advice to users on how to protect themselves against the worm:

1. Verify all devices connected to the network

2. Update your software to the latest version

3. Update your security software when it is made available on your devices

4. Make device passwords stronger

5. Block incoming HTTP POST requests to the following paths at the gateway or on each device if not required:

  • -/cgi-bin/php
  • -/cgi-bin/php5
  • -/cgi-bin/php-cgi
  • -/cgi-bin/php.cgi
  • -/cgi-bin/php4

While no devices other than PCs have so far been found to be infected by the worm, this is surely only the first of many malware variants designed to attack the increasing number of Internet-connected devices around our homes.

Since it's usually a matter of when, and not if, a certain operating system can be compromised, manufacturers who don't build hardware capable of being regularly updated are actually risking the safety of their customers.

Last month, Nest release the latest of its attempts to reinvent basic household appliances: the Nest Protect smart fire alarm. The company has previously released the Nest Thermostat, a thermostat that can be controlled via the Internet. Both devices can run on Linux, but have strong update cycles.

Chip-maker Qualcomm have also promised to bring the smart home concept into the mainstream with a new a new embedded processor line through its Atheros subsidiary, which it claims will "transform networking devices like home gateways, routers, and media servers into 'smarthome' platforms."

But did the Internet of things just get dangerous?

Image: Flickr (pogobee)