back to article Sign of the times: Mirai botnet strain fine-tunes itself to infect digital signage, projectors

A strain of the botnet malware Mirai has emerged focused on a wider set of embedded internet-connected devices. Researchers at Palo Alto Networks' Unit 42 this week stated that a variant of the notorious Internet-of-Things infector is now looking to hijack TVs and projectors designed to display information and adverts, as well …

  1. revenant Silver badge
    Unhappy

    Aw Crap...

    Yet another batch of vulnerabilities in my router that Netgear are never going to fix.

    It's really time to move on to something more up-to-date that still gets firmware updates, but how to choose?

    It's about time all manufacturers were required to state on the product packaging a clear date up to which they will provide security fixes.

    1. Paul Crawford Silver badge

      Re: Aw Crap...

      Sooner or later we will have to legislate that suppliers MUST maintain the security and functionality of any Internet-connectible device for at least 5 years after that last sale of the product.

      1. DontFeedTheTrolls Silver badge
        Headmaster

        Re: Aw Crap...

        "suppliers MUST maintain the security and functionality of any Internet-connectible device for at least 5 years after that last sale of the product"

        Firstly, "suppliers" or "manufacturers" - I don't believe suppliers are on the hook for maintenance, manufactures are.

        Secondly, for the vast majority of impacted devices it is already the case that they are beyond the "end of sale" date as set by the manufacturer.

        You concept is valid, there is a case to be made for manufacturers providing fixes for a period. What is a "fair" length of time, and what if they've gone out of business?

        1. Paul Crawford Silver badge

          Re: Aw Crap...

          Firstly, "suppliers" or "manufacturers" - I don't believe suppliers are on the hook for maintenance, manufactures are.

          Mostly the manufacturers are in a far-off land and you only have legal power over the suppliers which are typically in your own country, so make them liable as well so they have to get the appropriate contract provisions, code escrow, liability insurance, etc in place.

          You concept is valid, there is a case to be made for manufacturers providing fixes for a period. What is a "fair" length of time, and what if they've gone out of business?

          I guess "fair" is up to the legislators to define, but I suggested 5 years as the typical write-off period in accounting for many items (as well as the sort of time scale I expect keep stuff for). If the manufacturer (or supplier) has gone out of business then the other should be on the hook - again, it places some onus on both to have some sort of system in place to keep things going (or replacements/compensation if they can't).

          Yes, I know this will drive up costs, etc, but in the long run it would lower the costs to society for which we all eventually pick up the tab for.

  2. Pascal Monett Silver badge

    "businesses are, usually, a lot quicker to spot malware attacks and lock down their systems"

    A spot of wishful thinking there, I think. Of sure, medium and large businesses may have the clout to do so, but there are a number of small but rather wealthy businesses (think lawyers and doctors and vets) that haven't a clue, yet might have a need for that shiny screen in waiting room. I don't think they have the faintest idea what Mirai even is and why they should bother about it.

    They might not have the need for a "business" screen either and just prop up a bland, non-connected screen like any sane person would, but when you couple ignorance with money, crazier things have happened.

    Why, just last month I had a very interesting conversation with my ophthalmologist who talked about his laptop (yes, he knows I'm an IT guy) and that his work application needed an update and told me that he had another "expert" who promised him he could get it for him for free. I had to then explain that first, there isn't a big chance that a company making ophthalmology software would leave their updates on BitTorrent, and if so, there was an even smaller chance that the update wouldn't have an "update" of its own. I then proceeded to explain that the golden age of people hosting cracks for various software and games out of the goodness of their hearts was long gone and today, said cracks are to be assumed to be accompanied by malware.

    In the end, he agreed that it was probably a better idea to just pay for the damn upgrade. Whew ! One bullet dodged. This time.

    This being my use case, you must understand that this professional is not only an intelligent man and a good professional, he's also far from poor. Yet, he was entirely ready to rely on some schmuck offering a free upgrade for an obscure application. You really think that he'd be able to spot some Mirai infection on the screen he has in his waiting room ? I can assure you, he wouldn't even notice the impact on his bandwidth, because I'm sure he's got a 100Mbit line and he uses one percent of that.

    1. Anonymous South African Coward Silver badge

      Re: "businesses are, usually, a lot quicker to spot malware attacks and lock down their systems"

      Agreed.

      My 0.02c to this is that most, if not all, IT departments may be overloaded with work, and will not pick up this kind of issue straightaway.

    2. Anonymous Coward
      Anonymous Coward

      Re: "businesses are, usually, a lot quicker to spot malware attacks and lock down their systems"

      Right - I was getting my teeth cleaned a year ago and was chatting with the hygienist about a movie and she said, "I'll look it up on Google" - she clicked on the big screen showing my X-rays and mouth layout and voila - they were still running Windows-XP ... and browsing the Internet on the same PC that had all the customer data.

      1. Is It Me Bronze badge

        Re: "businesses are, usually, a lot quicker to spot malware attacks and lock down their systems"

        From what I saw at my doctors they all used a remote desktop connection of some sort. This should help keep patient data separate from things that are local to the local device

  3. Anonymous Coward
    Anonymous Coward

    Some good news.

    That was a useful heads-up; I checked and the WePresent / WiPG1000 thingy we have in our boardroom was indeed potentially an issue. In amongst all the other messes I inherited from a predecessor with a vague idea of IT admin, it had the same admin password he used everywhere (at least not factory default, I guess), a DHCP address with a valid default gateway (why does it need internet access - it can't pick up its own firmware) and hadn't been updated since 2015. My excuse for not getting it sooner is that it was hiding above a ceiling panel...

    The manufacturer's site is decent (https://www.barco.com/en/product/wepresent-wipg-1000); the latest firmware from this month is sitting there ready to download and you can register your product to receive update notifications via email. Good work Barco!

    YMMV with your router...

    1. Doctor Syntax Silver badge

      Re: Some good news.

      OTOH a boardroom projector suddenly running a competitor's ads might be a less damaging wakeup call where it's needed than a dose of Wannacry.

      1. Yet Another Anonymous coward Silver badge

        Re: Some good news.

        Or a sign that you're running skype

      2. sanmigueelbeer Silver badge

        Re: Some good news.

        OTOH a boardroom projector suddenly running a competitor's ads might be a less damaging wakeup call

        Boardroom projects have very small "target audience". Think bigger.

        Those LG Supersign panels with built-in digital signage in them? Some of them can be found in airports. Imagine what would happen if some fut nuck would hack into them and start spewing out messages like "I have hacked the airport. I have hacked your aeroplane. Have a safe flight".

        The word "panic" would be an understatement of the year. I'll take Petya/Wannacrypt over this.

  4. Barry Rueger

    Common Sense for These Times

    Of late I find that I assume that any system I use is compromised, or will be soon, and any place with data about me will inevitably be hacked, or the data sold to an outside party.

    I assume nothing is secure, and that no corporation will voluntarily admit when their system has been compromised. I have utterly no trust in Google, Facebook, Twitter, or that ilk.

    Yes I still use the Internet, and no, I don't like it,

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019