26-10-2020 | By Robin Mitchell
A variant of the InterPlanetary malware has infected just over 13,000 machines around the globe and is now starting to infect IoT devices based on Android and Linux systems. What does this malware do, why is it able to infect IoT devices, and what risks does using standard operating systems on IoT devices present?
Recently, a piece of malware called InterPlanetary Storm has been infecting machines, and it has so far infected 13,000 machines across 84 different countries. The malware gains access to devices by brute force, using a dictionary attack (i.e. a dictionary of commonly used passwords). It can also access devices via Android Debug Bridge servers. Once in the system, the malware can detect the CPU architecture (e.g. x86, x64, and ARM) and load the correct version of itself. The function of most malware is known, but the exact nature of InterPlanetary Storm is a mystery to cyber experts, and it is believed to be a backdoor that allows remote attackers to crypto mine or perform DDoS attacks.
Generally speaking, such malware in the past would be limited to main computing systems such as desktop PCs, laptops, and servers. Still, the increasing use of operating systems in IoT devices is allowing malware to infect these devices too. In the case of InterPlanetary Storm, IoT devices that use either an Android or Linux based OS are equally vulnerable, as the malware can successfully run on them. The ability of malware to infect IoT devices is worsened when considering that IoT devices, by nature, have internet connectivity, thus allowing malware to find vulnerable devices quickly, infect them, and then spread across networks.
While any device can be vulnerable to malware, the use of commonly available operating systems complicates the matter further. Unlike simple microcontrollers that run specific firmware, a processor running an OS is designed to be able to execute a wide range of different applications that can easily be added and removed. Security systems can be integrated only to allow a few specific apps to run. Still, as operating systems are large and complex, they often have multiple entry points that attackers can exploit. For example, secure shells are particularly problematic as they allow for remote control of a system, and if not properly secured, allow for attackers to easily take control. Operating systems also have many features that may be unused, and these additional services can include bugs and exploits that go unnoticed. These same services can also be difficult to disable/remove. Thus a design is reliant on a system that cannot be easily patched (except by the developers of the operating system).
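A detection sketch for the dictionary attack and the poorly secured secure shell described above, as an added example that is not part of the original article: it flags source addresses that fail many password logins across several usernames within a short window. It assumes the attack is aimed at OpenSSH password login and that the device logs in the usual syslog format; the function name, thresholds, and log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH syslog line for a rejected password (known or unknown account).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_dictionary_attacks(lines, year=2020, min_failures=5, min_users=3,
                            window=timedelta(minutes=5)):
    """Return {ip: (failures, distinct_users)} for sources with many failed
    logins across several usernames inside one sliding time window."""
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop attempts older than the window
            burst = evs[start:end + 1]
            users = {u for _, u in burst}
            if len(burst) >= min_failures and len(users) >= min_users:
                flagged[ip] = max(flagged.get(ip, (0, 0)), (len(burst), len(users)))
    return flagged

# Constructed sample log lines (documentation IP ranges, hypothetical host).
SAMPLE_LOG = [
    "Oct 26 10:15:01 iot-cam sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2",
    "Oct 26 10:15:03 iot-cam sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2",
    "Oct 26 10:15:05 iot-cam sshd[815]: Failed password for invalid user user from 203.0.113.7 port 40116 ssh2",
    "Oct 26 10:15:08 iot-cam sshd[817]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2",
    "Oct 26 10:15:10 iot-cam sshd[819]: Failed password for root from 203.0.113.7 port 40120 ssh2",
    "Oct 26 10:15:12 iot-cam sshd[821]: Failed password for invalid user guest from 203.0.113.7 port 40122 ssh2",
    "Oct 26 09:02:44 iot-cam sshd[702]: Failed password for operator from 198.51.100.20 port 51000 ssh2",
    "Oct 26 09:03:10 iot-cam sshd[705]: Accepted password for operator from 198.51.100.20 port 51002 ssh2",
]

if __name__ == "__main__":
    print(find_dictionary_attacks(SAMPLE_LOG))
```

The single mistyped password from 198.51.100.20 followed by a successful login is not flagged; only the burst across five usernames is.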
While operating systems can provide easy-to-use platforms, it should be noted that the use of such platforms in IoT devices will only increase the likelihood of infection by malware, and IoT devices will only further encourage the spread of malware on commonly used platforms. Of course, those same platforms can utilise security software, but not only does this consume processing power, it also increases the energy consumption of the device, which defeats the purpose of low-power devices.
The use of a custom system on an IoT device allows a designer to minimise points of entry through the absence of unused services, closed ports, and a unique software structure. The use of dedicated firmware also makes it harder for external malware to inject code into memory-protected areas, and using uncommon CPU architectures adds a layer of complexity that malware has to overcome. But even then, using custom platforms and uncommon CPU architectures is still not enough to guarantee a secure system, and can even lead to more vulnerabilities. For example, operating systems developed by major companies will most likely employ security specialists who look for vulnerabilities and understand what to look for, while a firmware engineer designing a custom system may unknowingly make trivial mistakes such as not checking array bounds, not sanitising data, and leaving ports open.
In the future, it is more than likely that as IoT devices become increasingly powerful, specialised operating systems such as Windows IoT will be developed that provide systems ideal for IoT applications, with minimal features and the ability to disable unused services. Such platforms will help engineers create easy-to-use systems for adding applications while ensuring that they are fundamentally secure. This will also be reflected in the hardware choices of the future as IoT devices move towards a more traditional PC architecture, allowing them to run x86, x64, and ARM programs. But, as this happens, designers need to be aware that their IoT devices are now more like computers and thus potentially vulnerable to malware already in circulation.