Q I. T solution

Brickerbot wants to break your devices
There's a new kind of computer malware on the block. It doesn't want to spy on you or hold your data for ransom. Instead, it wants to corrupt and destroy your computer hardware. And it's called Brickerbot.

What is Brickerbot?

Brickerbot is a type of malware — malicious software — that was discovered by a researcher at a cybersecurity company called Radware. Brickerbot is a particularly nasty piece of software because its goal is to render your devices unusable.

withings-baby-monitor306
Brickerbot wants to mess up your smart baby monitor. ((Ted Kritsonis))

For example, let's say you have a security camera that's hooked up directly to the internet. Brickerbot would try to remotely log in to your camera then try to break it. Pascal Geenens is the researcher who discovered this malware. He said this is what's called a "Permanent Denial of Service" attack.

He explained: "A permanent denial of service attack is typically where you will try to override software or try to destroy hardware in such a way that the device cannot be recovered without experts doing recovery on the device."

This malware tries to make your devices about as useful as a brick, hence the name Brickerbot. The attacks were first identified last month and are still going on.

Didn't this same thing happen last year?

We saw a very similar type of remote attack last year with the Mirai botnet. Mirai was used in several large-scale network attacks, including the attacks that took down Twitter, Reddit, Netflix, Airbnb and others.

Streaming Fight
The Mirai botnet made it impossible to Netflix and chill (Elise Amendola/Associated Press)

Like Brickerbot, Mirai works by scanning the internet, looking for vulnerable internet of things devices, like cameras, home routers and digital video recorders. When it finds one, it installs malware on the device and makes it part of a botnet, which is basically a large army of devices that can be used as weapons to take down websites. Instead of trying to recruit your devices into a bot army, Brickerbot tries to mess them up so they don't work anymore.

What type of devices are vulnerable to this type of attack?

Brickerbot seems to be going after a number of different internet of things devices that are directly connected to the internet, meaning they have IP addresses that are publicly available on the internet. They also seem to be targeting devices that run embedded versions of Linux, like routers, IP cameras and digital video recorders.

Part of the issue with some of these devices is that out of the box, they have a default password. And if nobody changes that password, it's easy for malware like Mirai or Brickerbot to get in and wreak havoc.

computer password
Changing factory-set passwords can help protect your smart devices from Brickerbot, but that can be tricky to do. (Shutterstock)

According to Geenens, for some internet of things devices, it can be very difficult to change the default password.

"Now the big problem that we have today if you are a consumer is, how do I know my device is secure? I go buy a smart fridge, how do I know it's secure?" he said. "There is no third party organization that gives out the label for security. So that means that we have to trust the vendors."

Geenens says he's seen plenty of internet of things devices that claim to be secure and aren't.

Why would someone design a bot to destroy devices like this?

We don't know who created Brickerbot, so it's difficult to understand their motivations. With Mirai last year, it makes more sense. If you can create a botnet out of hundreds of thousands or millions of internet of things devices, you can sell access to your botnet. There are financial incentives.

It's less obvious why someone would want to create software that renders the internet of things unusable. But there are a few theories. One is that Brickerbot was created by someone who's upset by the current state of security in the internet of things. The second is that it's someone who's angry at device manufacturers for not fixing security issues like easily guessable default passwords.

It's possible Brickerbot is designed to be a sort of vigilante, disabling internet of things devices before they can become part of a botnet.

Light switch
Brickerbot could make it lights out for your smart light switch. (Steve Marcus/Reuters)

What can individuals do to protect themselves from this type of attack?

The good news is many consumer devices on the internet of things are sitting behind a gateway — like router — so they're not directly addressable from the public internet.

Last fall, when the Mirai botnet was in the news, I talked to security expert Ken Munro.

Munro said if you're considering an internet of things device, like a smart thermostat or internet-connected baby monitor, you should go for a brand name that you recognize and trust since well-known companies are more likely to issue updates that fix security holes and patch vulnerabilities when they are found.

The other option, is simply to avoid so-called "smart home" devices, though that's becoming increasingly difficult. If you do have devices hooked up to the internet — like a router, camera, or DVR — I recommend looking up how to change the default password, because the security experts I've spoken to think we're only going to see more of this type of attack.

Huawei has launched new large-screened smartphones in the wake of Samsung's Galaxy Note 7 disaster.
The Mate 9 handsets are among the first to be powered by Android 7 and come in two designs: a model with a 1080p "full HD" display, and a Porsche-branded edition with nearly twice the resolution.
The Chinese company says it has also tackled smartphones' tendency to slow down over time.
But one expert said Western consumers were still uncertain about its brand.
"Huawei has never been a company to miss an opportunity, and it seems as though it has moved mountains to get the Mate 9 to market as quickly as possible," said Ben Wood, from the CCS Insight consultancy.
"But the phone is not a like-for-like comparison with the Note 7 - for one, it doesn't have a stylus.
Image caption
This is the second time Huawei has used Leica-branded camera equipment in its phones
"Huawei's brand also doesn't have the status of Samsung as yet.
"That's why it seems to be blending its brand with others.
"So, for the camera, it has partnered with Leica, and for the limited edition model, it has worked with Porsche.
"But Blackberry also partnered with Porsche in the past, and although that generated interest and created a halo-effect for other products, they didn't sell massive volumes."
Explosive fault
Samsung scrapped its Note 7 phablets last month after dozens of the devices caught fire.
The South Korean company initially thought a battery fault was to blame, and switched its own component for a third-party power cell.
But the problems continued, and after failing to identify the cause, Samsung halted production and said it was scrapping the 4.3 million handsets it had already manufactured.
Image caption
Samsung has said its Note 7 recall will cost it at least £4.4bn ($5.4bn)
Like the Note 7, Huawei's new phones also feature a "supercharging" battery technology that promises to deliver a day's worth of power within 30 minutes and a full two-day charge in 90 minutes.
The company's senior product manager, Michael Seitz, told the BBC that the system had been through a nine-month development and testing process and had been checked by an independent research lab.
"It keeps really cool in your hand even while recharging," he said.
Image caption
Huawei says its "supercharging" battery technology has gone through rigorous tests
Several analysts have suggested Huawei is best placed to benefit from Samsung's setback.
Apple underestimated demand for its largest model, the iPhone 7 Plus, leading to a backlog in orders.
And Google has acknowledged having a similar problem with its Pixel XL phone.
It has also locked itself into exclusive deals with single operators in the US, UK and Australia - struck before the Note 7 fiasco - which will limit sales.

looking for affordable IT solution

Q I. T solution To provide the community with quality Information Technology business information solutions, reliab