Researchers at Trustwave performed a deep-dive analysis of the BrickerBot malware code to discover potential 0day vulnerabilities and lessons learned that could help improve Internet of Things (IoT) security.
The author of BrickerBot wrote a letter to Bleeping Computer stating that he had retired after bricking nearly 10 million IoT devices with the malware strain.
The analysis revealed one 0day vulnerability, an authenticated Remote Code Execution (RCE) flaw. Because the exploit requires valid credentials, the malware's impact would be significantly reduced if the default passwords were changed.
The Trustwave report also revealed five attack vectors: an SSH crawler, a Telnet crawler, an HTTP module (which uses some exploits as well as automated authenticated requests with default passwords), an HNAP module (which contains one exploit plus authenticated requests with default passwords), and a SOAP module (which exploits three vulnerabilities).
The main purpose of the BrickerBot botnet was to illustrate the point that every unsecured IoT device is a potential target for botnets such as Mirai and can be hacked.
Some lessons learned from Trustwave: don’t use default passwords, don’t leave “backdoor” accounts, don’t run everything as root, and keep IoT device firmware up to date.
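The lessons above can be turned into a simple firmware audit. The following script is an added example, not code from Trustwave or from the BrickerBot analysis: it parses constructed `/etc/passwd`, `/etc/shadow` and `ps` samples (standing in for files pulled out of a device firmware image or a live shell) and flags extra UID 0 accounts, accounts with no password or a weak legacy hash, a running Telnet daemon, and network services running as root. The list of service names is an assumption chosen for the example.

```python
"""Audit constructed IoT account and process data for the hardening gaps
BrickerBot abused: extra root-level ("backdoor") accounts, empty or weak
credentials, plaintext remote shells, and services running as root."""

# Constructed sample /etc/passwd: 'admin' is a second UID 0 account.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:x:0:0:admin:/:/bin/sh
support:x:1001:1001::/:/bin/sh
nobody:x:65534:65534::/:/bin/false
"""

# Constructed sample /etc/shadow: 'admin' has an empty password field,
# 'root' uses MD5-crypt ($1$), 'support' and 'nobody' are locked ('*').
SAMPLE_SHADOW = """\
root:$1$abc$fakehashvalue:17000:0:99999:7:::
admin::17000:0:99999:7:::
support:*:17000:0:99999:7:::
nobody:*:17000:0:99999:7:::
"""

# Constructed sample 'ps' output from the device.
SAMPLE_PS = """\
  PID USER     COMMAND
    1 root     init
  120 root     /usr/sbin/telnetd
  130 root     /usr/sbin/httpd
  140 nobody   /usr/bin/dnsmasq
"""

# Assumed list of network-facing daemons that should not run as root.
NETWORK_SERVICES = {"telnetd", "httpd", "sshd", "dropbear", "upnpd", "dnsmasq"}
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
LOCKED_MARKERS = {"*", "!", "!!", "x"}


def parse_colon_file(text):
    """Split a passwd/shadow-style file into rows of colon-separated fields."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split(":"))
    return rows


def audit_accounts(passwd_text, shadow_text):
    """Return findings about backdoor, empty-password and weak-hash accounts."""
    findings = []
    shadow = {row[0]: row[1] for row in parse_colon_file(shadow_text)}
    for row in parse_colon_file(passwd_text):
        name, uid, shell = row[0], int(row[2]), row[6]
        if uid == 0 and name != "root":
            findings.append(f"backdoor-risk: account '{name}' has UID 0")
        pw = shadow.get(name)
        if pw is None or pw in LOCKED_MARKERS or shell in NOLOGIN_SHELLS:
            continue  # locked or non-interactive account, nothing to flag
        if pw == "":
            findings.append(f"empty-password: account '{name}' logs in with no password")
        elif pw.startswith("$1$"):
            findings.append(f"weak-hash: account '{name}' uses MD5-crypt ($1$)")
    return findings


def audit_processes(ps_text):
    """Return findings about telnetd and network services running as root."""
    findings = []
    for line in ps_text.splitlines()[1:]:  # skip the header row
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, user, cmd = parts
        exe = cmd.split()[0].rsplit("/", 1)[-1]
        if exe == "telnetd":
            findings.append(f"plaintext-remote-shell: telnetd running (pid {pid})")
        if user == "root" and exe in NETWORK_SERVICES:
            findings.append(f"runs-as-root: service '{exe}' (pid {pid}) runs as root")
    return findings


if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW) + audit_processes(SAMPLE_PS):
        print(finding)
```

On a real device the three inputs would come from the extracted firmware or a `ps` dump; a finding of a second UID 0 account with an empty password is exactly the kind of default credential the SSH and Telnet crawlers described above look for.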