A malware program called Mirai was quickly blamed for the massive hack in October that took down Twitter, Spotify, and scores of other websites, but a new security tool enables anybody to see if their so-called “Internet of Things” devices are vulnerable to attack.
Mirai has been used in distributed denial of service (DDoS) attacks in the past. It works by finding insecure Internet of Things devices — which isn’t difficult, given that much of the industry doesn’t care about security — then using them as bot-nets to do its bidding. And because the malware’s source code leaked, it’s free for basically anyone to use.
The prevalence of this malware likely made it pretty easy for someone to target Dyn, a domain name service (DNS) provider used by many large websites, to cause the outages from October. The Internet of Things was basically used to break the internet.
Imperva’s research found a way to determine if devices are vulnerable to malware like Mirai. You don’t have to install anything to use it — all you have to do is visit the scanner’s website and let it analyze the IP address your smart products use to access the internet.
The problem is that this scanner can’t do much about the devices themselves. If you run a scan and find that one of your connected gadgets is vulnerable to Mirai, you should change their login credentials from the defaults set by the manufacturer. If that isn’t an option, or if you don’t know how to do that yourself, you’re left to decide whether to put your device at risk or simply stop using it.