Posts

Showing posts from October, 2017

IoT Security Hardening: Mirai and Reaper Botnet, Turf Warfare and Malware Analysis

The Mirai botnet, powered primarily by IoT devices, was responsible for the DDoSing of several high-profile targets in 2016-2017, serving as a wake-up call to IoT manufacturers and security professionals to raise the baseline security of IoT devices. Since its open-source release, Mirai's source code has fuelled the almost exponential development of other botnet variants such as IoT_reaper, Hajime and BrickerBot.

Background – Incident Timeline

Coined ‘Mirai’ – meaning ‘for future’ in Japanese, the botnet was first identified in August 2016 by the security research group ‘MalwareMustDie’. Soon after, Mirai became known as the vehicle for some of the most effective DDoS attacks in history – scanning and attacking vulnerable IoT devices with a short list of 62 default usernames and passwords.

In September 2016, KrebsOnSecurity was DDoSed by 620 Gbps of traffic driven by Mirai. Paralleling this attack, the French web host and cloud service provider OVH was also DDoSed – breaking the reco…

5 Minutes on the WPA2 KRACK Vulnerability

The WPA2 KRACK vulnerability can be boiled down to one main aspect – forced nonce reuse, which gives an attacker the ability to decrypt messages and 'manipulate' data through man-in-the-middle attacks on Wi-Fi access points.

How Wi-Fi Works

WPA2 is the general protocol adopted for Wi-Fi networks, in which a four-way handshake is used to identify and establish a connection between the supplicant (the user connecting to Wi-Fi) and the authenticator (the Wi-Fi access point they are connecting to). This four-way handshake is encrypted using AES-CCMP.

When a user tries to connect to a Wi-Fi access point, the 'password' they use to authenticate their access is known as the Pairwise Master Key (PMK). This establishes a symmetric protocol where both the authenticator and the supplicant know the value of the PMK.

The communication between the supplicant and the authenticator follows the simplified four-way handshake depicted in Figure 1.


Figure 1

Four-Way H…