Port scanning /0 using insecure embedded devices
- Wed 20 March 2013
- Information Security
Someone sent me a link to the recently published article "Port scanning /0 using insecure embedded devices". It describes the Carna Botnet, a project that aimed to prove (or disprove) the hypothesis that there were one hundred thousand open systems on the Internet with which to build a botnet. I choose to use the word "open" and not "vulnerable" because we aren't talking about systems that have some sort of unpatched bug that allows access. This researcher only used unsecured telnet sessions to create his botnet.
Because this was for research, the deployed software had no long-lasting effects, but that isn't to say that other software couldn't be introduced in a similar manner, as was discovered during the experiment. It is believed that most of these open systems are appliances (printers, network devices, etc.), which could yield other interesting developments if the software were malicious. The article provides lots of data and is a good read for anyone interested in information security.