The Reaper Botnet Could Be Worse Than the Internet-Shaking Mirai Ever Was

The Mirai botnet, a collection of hijacked gadgets whose cyberattack made much of the internet inaccessible in parts of the US and beyond a year ago, previewed a dreary future of zombie connected-device armies run amuck. But in some ways, Mirai was relatively simple—especially compared to a new botnet that’s brewing.

While Mirai caused widespread outages, it impacted IP cameras and internet routers by simply exploiting their weak or default passwords. The latest botnet threat, known alternately as IoT Troop or Reaper, has evolved that strategy, using actual software-hacking techniques to break into devices instead. It’s the difference between checking for open doors and actively picking locks—and it’s already enveloped devices on a million networks and counting.

On Friday, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point detailed the new IoT botnet, which builds on portions of Mirai’s code, but with a key difference: Instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further. And while Reaper hasn’t been used for the kind of distributed denial of service attacks that Mirai and its successors have launched, that improved arsenal of features could potentially allow it to become even larger—and more dangerous—than Mirai ever was.

“The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices. The potential here is even bigger than what Mirai had,” says Maya Horowitz, the manager of Check Point’s research team. “With this version it’s much easier to recruit into this army of devices.”

The Reaper malware has pulled together a grab-bag of IoT hacking techniques that include nine attacks affecting routers from D-Link, Netgear, and Linksys, as well as internet-connected surveillance cameras, including those sold by companies like Vacron, GoAhead, and AVTech. While many of those devices have patches available, most consumers aren’t in the habit of patching their home network router, not to mention their surveillance camera systems.

Check Point has found that fully 60 percent of the networks it tracks have been infected with the Reaper malware. And while Qihoo 360’s researchers write that some 10,000 devices in the botnet communicate daily with the command-and-control server the hackers control, they’ve found that millions of devices are “queued” in the hackers’ code, waiting for a piece of automatic “loader” software to add them to the botnet.

Check Point’s Horowitz suggests anyone who fears that their device might be compromised should check the company’s list of affected gadgets. An analysis of the IP traffic from those devices should reveal if they’re communicating with the command-and-control server helmed by the unknown hacker that’s administering the botnet, Horowitz says. But most consumers don’t have the means to do that network analysis. She suggests that if your device is on Check Point’s list, you should update it regardless, or even perform a factory reset on its firmware, which she says will wipe the malware.

As usual, though, it’s not the owners of the infected machines who will pay the real price for allowing Reaper to persist and grow. Instead, the victims would be the potential targets of that botnet once its owner unleashes its full DDoS firepower. In the case of Reaper, the potentially millions of machines it’s amassing could be a serious threat: Mirai, which McAfee measured as having infected 2.5 million devices at the end of 2016, was able to use those devices to bombard the DNS provider Dyn with junk traffic that wiped major targets off the face of the internet in October of last year, including Spotify, Reddit, and The New York Times.

Reaper has shown no signs of any DDoS activity yet, Qihoo 360 and Check Point note. But the malware includes a Lua-based software platform that allows new code modules to be downloaded to infected machines. That means that it could shift its tactics at any time to start weaponizing its hijacked routers and cameras.

Horowitz points out that hacking devices like IP-based cameras en masse doesn’t provide many other criminal uses than as DDoS ammunition, though the motivation for any such DDoS attack is still unclear.

“We don’t know if they want to create some global chaos, or do they have some specific target, vertical, or industry they want to take down?” she asks.

All of that adds up to an increasingly troubling situation: One where the owners of IoT devices are racing with a botnet master to disinfect devices faster than the malware can spread, with serious potential consequences for vulnerable DDoS targets around the world. And given that Reaper has far more sophisticated tools than Mirai, the impending volley of attacks may turn out to be even more dire than the last one.

Future Versions of the Apple iPhone Could Take a Cue From Samsung Galaxy Note 8

Apple’s iPad Pro might not be alone.

Future versions of the Apple iPhone might have a feature you can only find in the company’s iPad Pro tablets.

The tech giant is planning to bring “digital pen” support to iPhones starting in 2019, Korean news outlet The Investor is reporting, citing people who claim to have knowledge of the company’s plans. Apple is working on the feature now and has already held talks with digital stylus companies to see how the feature might work with a future iPhone update, according to the report, which was earlier discovered by 9to5Mac.

Apple already offers a digital stylus called the Apple Pencil. However, the accessory, which is about the size of a real pencil, is only compatible with the company’s iPad Pro. Apple Pencil allows users to digitally “write” on the iPad Pro’s screen to annotate and sign documents, and take notes. Apple Pencil costs $99.

Apple’s chief competitor in the smartphone market, Samsung, has offered a digital stylus with its Galaxy Note line of devices for years. Its most recent smartphone, the Galaxy Note 8, similarly comes with the company’s S Pen stylus.

While some customers have called on Apple to offer a stylus, the company has been loath to do so after late Apple co-founder Steve Jobs said when the iPhone was announced in 2007 that touch input is far superior to stylus input. And each time Apple has been called on to consider a stylus, the company has balked.

However, in recent years, Apple patents have surfaced that point to the company at least considering a stylus for its iPhone. Apple CEO Tim Cook also said last year in an interview with Apple-tracking site Daring Fireball that “if you’ve ever seen what can be created with that Pencil on an iPad or an iPhone, it’s really unbelievable.” His comment ignited speculation that Apple is testing a stylus for the iPhone.

Still, Apple has remained silent on possible plans and hasn’t discussed bringing Apple Pencil to any other devices. And it’s also worth noting that two years is a long time in the technology industry. And although Apple might be considering iPhone stylus support for 2019, things can change and the concept could be scrapped without much notice.

Apple did not immediately respond to a Fortune request for comment on the report.

Italy state role in Telecom Italia could solve network tiff: PD's Orfini

ROME (Reuters) – Italy should play a role in resolving the gridlock over Telecom Italia’s (TIM) network assets, possibly by involving state lender Cassa Depositi e Prestiti (CDP), president of the ruling PD party said in a position paper.

Italian politicians have been calling on and off since 2006 for TIM’s network to be transferred to a state-controlled entity as Rome considers it a strategic asset that should be a neutral platform open to all phone companies.

The heavily-indebted company has been criticized for putting off costly upgrades to its ageing copper network and is now facing competition from Open Fiber, jointly controlled by utility Enel and CDP.

The network issue returned to the forefront of political debate when French media group Vivendi built a 24 percent stake in TIM, becoming its top investor and increasingly calling the shots at Italy’s biggest phone group.

In the document published by online magazine Key4Biz, Matteo Orfini said the state needed to push for the creation of a single integrated network company and eliminate infrastructure rivalry which he called “unsustainable in the long term”.

“The status quo is not an option,” he said.

Listing a series of scenarios to resolve the network tiff, Orfini said a public or private Italian investor could flank Vivendi as a shareholder in TIM, to help sharpen the Italian phone group’s business focus.

He added that CDP could propose to buy part or all of Vivendi’s stake in TIM.

Orfini said Vivendi should be given the opportunity to give up control of Italy’s biggest phone group and instead focus on its plan to build a European media powerhouse, by involving broadcaster Mediaset, in which it has built a stake of just under 30 percent.

Plans to spin off TIM’s network, which according to some estimates could be worth up to 15 billion euros ($17.7 billion), have foundered in the past over its valuation and because TIM insisted on hanging onto the business.

Orfini said that while a spin-off might be difficult in the short term, the network could be separated into a regulated newco, fully controlled by TIM but legally distinct.

That move, along with some state participation in TIM, could facilitate a later integration with network rival Open Fiber.

TIM shares rose more than 3 percent after the position paper came out. The stock was up 2.1 percent at 0.77 euros by 1153 GMT.

TIM, which considers its network a strategic asset, declined to comment. Vivendi could not immediately be reached for comment.

Reporting by Giselda Vagnoni, writing by Agnieszka Flak; Editing by Ken Ferris

Guess what? Any phone could explode, not just Samsung’s Galaxy Note7.

It really sucks to be Samsung right now.

Just when the company launches its Galaxy Note7, its best smartphone ever — one that I called the best smartphone on the planet — reports of devices exploding have forced the company to halt production and provide an unofficial recall through an “exchange program.”

All of last week, I’ve been inundated with comments on social media and IRL in regards to my review and the explosions.

Most comments were something along the lines of: “So much for being the best phone now that they’re exploding!” and “Are you planning to retract your review or change it?”

Apple could add tap-to-pay support to iPhone 7 in Japan, but it’s not NFC


Apple might be looking to introduce a new tap-to-pay feature to its upcoming line of iPhones exclusively for customers living in Japan, Bloomberg reports. Instead of using NFC – as it does for its Apple Pay service in North America, Europe and Australia – the iPhone maker will opt for a Sony-built technology called FeliCa that currently dominates the mobile tap-to-pay market in Japan. With this move, Apple is looking to offer customers in Japan a quick and easy way of using their iPhones for public transport payments. The feature will also be widely supported at various vending machines, convenience stores and retailers across the country. Ditching NFC in favor of FeliCa makes sense.…

This story continues at The Next Web

