Hacking the Internet of Things

A research botnet was created to detect and compromise unprotected embedded control devices.  These embedded control devices can be found in industrial control systems, medical devices, home appliances, and similar.  A botnet is created when multiple devices are attacked, compromised (aka ‘owned’), and subsequently controlled by the attacker.  The botnet was named Carna Botnet after the Roman goddess of the protection of vital organs and health.

Carna botnet global distribution

Carna botnet global distribution

  • Unprotected embedded devices (tiny computers that typically control things) detected at rate of 1 every 5 minutes
  • Discovered millions of unprotected devices, eg no or trivial username & password.  
  • Carna Botnet now 1.2 million compromised devices
  • Of that 1.2 million, 420,000 have sufficient functionality & resources to continue to propagate the botnet
Distribution of hacked devices by country

Distribution of hacked devices by country

The initial report is here.  Presentation here.

As the world continues to control more and more with networked embedded devices, ie the Internet of Things, we can expect a global rapidly growing platform for malicious behavior that we will need to attend to.


Leave a Reply

Your email address will not be published. Required fields are marked *