Kernel Panic Linux User Group
San Diego Computer Society
November 10, 2016
Can a lay person recognise an IoT device?
What do vulnerable devices look like?
The following are "typical" but never a requirement
Common vulnerable devices
A device is anything, no matter how big or small, in a case or not, visible or not
One of the two major IoT botnet malware families (Mirai and Bashlite)
61 (some lists say 66) common username/password pairs
KrebsOnSecurity attack, September 2016
Oct 21, 2016 Dyn attack (knocked out GitHub, Twitter, Reddit, Netflix, Airbnb and more)
The DDoS is simple: each query prepends a random string to a valid domain name (so no cached answer exists and every lookup reaches the authoritative servers). Note this is different from, and far simpler than, for instance a DNS amplification attack
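As an added defender-side illustration (not part of the talk), a small check for the query pattern described above: it groups DNS queries by base domain and counts distinct high-entropy leftmost labels, which is the signature of a random-prefix flood. The log line shape, domains and thresholds are constructed assumptions, not from the page.

```python
"""Flag base domains receiving many queries with random-looking leftmost labels."""
import math
import re
from collections import defaultdict

# Constructed sample lines in a BIND-style query-log shape (illustrative only).
SAMPLE_LOG = """\
client 203.0.113.5#4242: query: x7kq2p9d.example.com IN A
client 203.0.113.6#5151: query: a1b2c3d4.example.com IN A
client 203.0.113.7#6000: query: zz9plk4m.example.com IN A
client 203.0.113.8#6001: query: q8w7e6r5.example.com IN A
client 203.0.113.9#6002: query: www.example.com IN A
client 198.51.100.2#53001: query: mail.example.org IN MX
client 198.51.100.3#53002: query: www.example.org IN A
"""

QUERY_RE = re.compile(r"query: (?P<name>[A-Za-z0-9.-]+) IN (?P<type>[A-Z]+)")


def shannon_entropy(label: str) -> float:
    """Bits per character of a label; random strings score high, real words low."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def detect_random_subdomain_flood(log_text: str, min_prefixes: int = 3,
                                  min_entropy: float = 2.5) -> dict:
    """Return {base_domain: number of distinct high-entropy prefixes} over threshold.

    The base domain is taken as the last two labels, a simplification that
    misfires on suffixes like co.uk; a public-suffix list would fix that.
    """
    prefixes = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        labels = m.group("name").rstrip(".").split(".")
        if len(labels) < 3:  # bare domain, no leftmost label to inspect
            continue
        prefix, base = labels[0], ".".join(labels[-2:])
        if shannon_entropy(prefix) >= min_entropy:
            prefixes[base].add(prefix)
    return {base: len(p) for base, p in prefixes.items() if len(p) >= min_prefixes}
```

On the sample above only example.com is flagged: "www" and "mail" are low-entropy and never count, so ordinary traffic does not trip the threshold.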
Source Code - https://github.com/jgamblin/Mirai-Source-Code
Threat Level - Critical
Threat consequence - Elevates code to Root/system equivalent
Scope - All systems running an unpatched kernel (bug present since 2007)
Difficulty to exploit - Easy to moderate
Exploit code in the Wild - Yes
A memory page may be marked both read-only and copy-on-write in special cases, such as running under a debugger (which allows breakpoints to be inserted into the running process).
Normally a read-only memory page doesn't use the copy-on-write mapping, but an exploit can take advantage of the case where it does. A special "-force" instruction can override the normal read-only protection to modify the page and insert malicious code.
When the "-force" instruction is used, it opens up 3 possible attack vectors
Kenton Varda Oct 25, 2016