by Dan Moren
Hajime “grayhat” IoT worm is even more sophisticated than thought
A follow-up on the Hajime botnet story from the other week, also from Dan Goodin at Ars Technica:
Also, in stark contrast to Mirai and its blackhat botnet competitors, Hajime goes to great lengths to maintain resiliency. It uses a BitTorrent-based peer-to-peer network to issue commands and updates. It also encrypts node-to-node communications. The encryption and decentralized design make Hajime more resistant to takedowns by ISPs and Internet backbone providers. After researchers from Rapidity Networks in October uncovered a flaw in the encryption implemented in an earlier version of Hajime, a Hajime developer updated the botnet software to fix it.
This is, from all indications, an impressive achievement, but it should still bring some sweat to the forehead when you realize that our best hope of securing our IoT devices is a vigilante whose ultimate motives are unknown. One can only hope this spurs device developers to up their game.