Following the news that Sierra Wireless AirLink Gateways are vulnerable to the Mirai DDoS botnet, whose source code has been made public, IT security experts from Corero Network Security and Tripwire commented below.
Sean Newman, Director at Corero Network Security:
“It’s kind of understandable that passwords protecting the majority of network enabled consumer devices get left at their factory defaults, as end-users often lack the awareness or confidence to change them – in these cases, manufacturers need to start taking more proactive measures to help ensure users are aware and making it simple for them to update passwords without fear of rendering the devices unusable.
“However, when it comes to commercial equipment, there is simply no excuse for IT professionals and installers of such equipment to leave devices in their default security state. Even for the simplest of devices which require any kind of configuration, there will be password controlled access which should be updated. Sierra’s products have been unlucky enough to become the next target, but that’s not due to anything remiss on their part, and there are many more vendors out there with products in the same position, waiting to become the next mass target. Well done to Sierra for proactively reaching out to their customers and highlighting the risk and reminding them to do, essentially, what they should have done anyway!”
Lamar Bailey, Director of Security R&D at Tripwire:
“Botnets are having great success taking advantage of the IoT explosion we have seen over the last few years. The number of connected devices in the average home has skyrocketed to numbers previously seen in small offices. With this rush to get new devices to market we find the consumer devices are not as secure as people assume. Many of the devices lack some of the fundamental security controls like requiring default password changes or using unique passwords for each device.
“The average home user just sets up the device per the install instructions and trusts it is secure. Botnets can use these default credentials to harvest hundreds or thousands of bots to focus on a target in a DDoS attack. The attacks are more successful because they come from a larger area and this makes them harder to mitigate.”