Gotta Catch 'Em All!
Hand me my Master Ball - this looks like a tricky blighter to catch.
A Pokemon fan has brewed up a stealthy rootkit targeting Linux. Trend Micro senior threat researcher Fernando Mercês says the ring three rootkit, named by its authors after the nocturnal Pokemon character Umbreon, can run on x86, x86-64 and Raspberry Pi, is difficult to detect, and highly portable. "Its main purpose is to …
From Softpedia :
"The good news is that Umbreon's installation is not automated, and attackers need to break into a system first, and then manually install the rootkit on the hacked device."
Ohhhh Nooohhhh, I've been had again. Potentially earth shatteringly important, neh must read article turns into damp squib when you fully realise the non-story it is, ring 3? really? What does it do mess with your twatter settings. Does any one care to estimate how many root kits are floating around torrent space in the pirate sphere, obviously engineered for a different OS but automagically installed with the dodgy left handed movie its packaged with ;)
>Physical access, etc etc, we all know the drill.
Well considering how many people don't disable WPS (or can't in a lot of factory firmware) on their routers just being in the same area or neighbourhood carries dangers. Granted still a lot better than attacked worldwide from the internet though.
here's a scenario that's likely:
a) an RPi user doesn't change the default pi:pi user:pass after installing Raspbian. keep in mind, ssh is enabled AND sudo works on ALL commands
b) the RPi is configured for IPv6, meaning it's IPv6 address is NOW! PUBLICALLY! VISIBLE! TO! ANYONE! WHO! CAN! GET! IT!! (that includes ssh, pretty sure, but I'd have to double-check sshd_config to make sure it's listening)
c) because the PW wasn't changed, a click-bait web site COULD detect an RPi accessing it, and back-crack the system nearly instantaneously, and install this thing.
a) immediately change pi:pi to something else (or disable the 'pi' login entirely)
b) disable ssh access via IPv6 unless you REALLY REALLY need it
c) configure your firewall and sshd and sudo settings properly
d) require su to root [with a cryptic password] for MOST things, i.e. stop using the 'sudoers' group and being lazy about it.
RPi works well as a headless system so you probably don't want to disable ssh, but you want to make sure it' SECURE shell, not "pseudo-secure shell with a brain-damaged insecure config'
"You would be surprised at the number of people using RPi's who expose them to the net and leave the default username and password...."
not really. Your typical 'maker' types are more interested in building cool electronics and making their pi do a dance or flash LEDs and basically know _nothing_ about IT/ security.
At least they're not using Win-10-nic and/or ".Not" on some overpriced intel solution...
(then again, a rumor has it that Win-10-nic has a version for RPi. now I need 'pink liquid' for the nausea that this mental image just caused)
rumor... read: "yes I saw an El Reg article about it, but I'm trying to forget it exists"
Biting the hand that feeds IT © 1998–2019