Brickerbot wants to break your devices

A new kind of malware could make your smart devices as useful as bricks. But there are ways to protect yourself.

Smart devices are under attack by new malware

No one knows who is behind Brickerbot or what's motivating them. (Kacper Pempel/Reuters)

There's a new kind of computer malware on the block. It doesn't want to spy on you or hold your data for ransom. Instead, it wants to corrupt and destroy your computer hardware. And it's called Brickerbot.

What is Brickerbot?

Brickerbot is a type of malware — malicious software — that was discovered by a researcher at a cybersecurity company called Radware. Brickerbot is a particularly nasty piece of software because its goal is to render your devices unusable. 

Brickerbot wants to mess up your smart baby monitor. (Ted Kritsonis)

For example, let's say you have a security camera that's hooked up directly to the internet. Brickerbot would try to remotely log in to your camera and then try to break it. Pascal Geenens is the researcher who discovered this malware. He said this is what's called a "Permanent Denial of Service" attack.

He explained: "A permanent denial of service attack is typically where you will try to override software or try to destroy hardware in such a way that the device cannot be recovered without experts doing recovery on the device."

This malware tries to make your devices about as useful as a brick, hence the name Brickerbot. The attacks were first identified last month and are still going on.

Didn't this same thing happen last year?

We saw a very similar type of remote attack last year with the Mirai botnet. Mirai was used in several large-scale network attacks, including the attacks that took down Twitter, Reddit, Netflix, Airbnb and others. 

The Mirai botnet made it impossible to Netflix and chill (Elise Amendola/Associated Press)

Like Brickerbot, Mirai works by scanning the internet, looking for vulnerable internet of things devices, like cameras, home routers and digital video recorders. When it finds one, it installs malware on the device and makes it part of a botnet, which is basically a large army of devices that can be used as weapons to take down websites. Instead of trying to recruit your devices into a bot army, Brickerbot tries to mess them up so they don't work anymore.

What type of devices are vulnerable to this type of attack?

Brickerbot seems to be going after a number of different internet of things devices that are directly connected to the internet, meaning they have IP addresses that are publicly available on the internet. It also seems to be targeting devices that run embedded versions of Linux, like routers, IP cameras and digital video recorders.

Part of the issue with some of these devices is that out of the box, they have a default password. And if nobody changes that password, it's easy for malware like Mirai or Brickerbot to get in and wreak havoc. 

Changing factory-set passwords can help protect your smart devices from Brickerbot, but that can be tricky to do. (Shutterstock)

According to Geenens, for some internet of things devices, it can be very difficult to change the default password.

"Now the big problem that we have today if you are a consumer is, how do I know my device is secure? I go buy a smart fridge, how do I know it's secure?" he said. "There is no third party organization that gives out the label for security. So that means that we have to trust the vendors."

Geenens says he's seen plenty of internet of things devices that claim to be secure and aren't.

Why would someone design a bot to destroy devices like this?

We don't know who created Brickerbot, so it's difficult to understand their motivations. With Mirai last year, it makes more sense. If you can create a botnet out of hundreds of thousands or millions of internet of things devices, you can sell access to your botnet. There are financial incentives.

It's less obvious why someone would want to create software that renders the internet of things unusable. But there are a few theories. One is that Brickerbot was created by someone who's upset by the current state of security in the internet of things. The second is that it's someone who's angry at device manufacturers for not fixing security issues like easily guessable default passwords.

It's possible Brickerbot is designed to be a sort of vigilante, disabling internet of things devices before they can become part of a botnet.

Brickerbot could make it lights out for your smart light switch. (Steve Marcus/Reuters)

What can individuals do to protect themselves from this type of attack?

The good news is many consumer devices on the internet of things are sitting behind a gateway — like a router — so they're not directly addressable from the public internet.

Last fall, when the Mirai botnet was in the news, I talked to security expert Ken Munro.

Munro said if you're considering an internet of things device, like a smart thermostat or internet-connected baby monitor, you should go for a brand name that you recognize and trust since well-known companies are more likely to issue updates that fix security holes and patch vulnerabilities when they are found.

The other option is simply to avoid so-called "smart home" devices, though that's becoming increasingly difficult. If you do have devices hooked up to the internet — like a router, camera, or DVR — I recommend looking up how to change the default password, because the security experts I've spoken to think we're only going to see more of this type of attack.


Dan Misener

CBC Radio technology columnist

Dan Misener is a technology journalist for CBC radio and Find him on Twitter @misener.