Earlier this summer, a new strain of destructive malware known as Silex began to spread and effectively brick IoT devices. As ZDNet’s Catalin Cimpanu reports, Silex victims can resurrect their devices by manually reinstalling firmware. However, most device owners typically consider the re-installation process to be overly complicated and time consuming.
“Silex works by trashing an IoT device’s storage, dropping firewall rules, removing the network configuration, and then halting the device,” writes Cimpanu. “It’s as destructive as it can get without actually frying the IoT device’s circuits. It’s expected that some owners will most likely throw devices away, thinking they’ve had a hardware failure without knowing that they’ve been hit by malware.”
Akamai researcher Larry Cashdollar, who first identified the malware in late June, tells ZDNet that Silex exploits known default credentials for IoT devices to log in and kill the system. More specifically, the malware strain writes random data from /dev/random to any mounted storage it finds. Subsequently, Silex deletes network configurations, runs rm -rf / to delete any remaining data, flushes all iptables entries, and adds an entry todrop all connections.
Ben Levine, a Senior Director of Security Product Managementat Rambus, tells Rambus Press that Silex is one of multiple malware strains that actively seeks out devices with default or weak login credentials such as “admin” usernames and “1234” passwords.
“Essentially, Silex exploits unprotected system functions to brick IoT devices,” he explains. “However, it is important to understand that a hardware-based root of trust can help protect against malware like Silex by ensuring robust remote access authentication and monitoring anomalous system operation.”
A hardware-based root of trust, says Levine, can be implemented as an independent security co-processor that is integrated into IoT devices. Put simply, a hardware-based root of trust allows execution of security applications, provides tamper detection and protection, and enables secure storage and handling of keys and security assets.
“An independent hardware-based root of trust offers chipmakers a siloed approach to security. Although it is typically placed on the same silicon as the main processor, the secure processing core is physically separated,” Levine elaborates. “This means that compromise of the main processor does not expose critical keys and credentials – or impair the execution of security applications that can monitor system operation and detect tampering. The root of trust can continue to provide security functionality – even if the attacker gains access to the device.”
A hardware-based root of trust can also implement strong authentication for remote access to a device, avoiding reliance on simple credentials that are often left in a default state.
“A hardware-based root of trust can be used to provide secure and flexible control over who and what can access a device. Different entities can be given different amounts of access based on how much they are trusted, and all of this can be enforced in hardware,” he concludes.