six colors

by Jason Snell & Dan Moren

Linked by Dan Moren

Hajime “grayhat” IoT worm is even more sophisticated than thought

A followup on the Hajime botnet story from the other week, also from Dan Goodin at Ars Technica:

Also, in stark contrast to Mirai and its blackhat botnet competitors, Hajime goes to great lengths to maintain resiliency. It uses a BitTorrent-based peer-to-peer network to issue commands and updates. It also encrypts node-to-node communications. The encryption and decentralized design make Hajime more resistant to takedowns by ISPs and Internet backbone providers. After researchers from Rapidity Networks in October uncovered a flaw in the encryption implemented in an earlier version of Hajime, a Hajime developer updated the botnet software to fix it.

This is, from all indications, an impressive achievement, but it should still bring some sweat to the forehead when you realize that our best hope of securing our IoT devices is a vigilante whose ultimate motives are unknown. One can only hope this spurs device developers to up their game.