This Mirai malware vaccine could protect insecure IoT devices

The hazard of unsophisticated and poorly secured Internet of Things (IoT) devices came to the front last year with the Mirai DDoS attack that involved nearly a million bots. Many of these devices remain a threat.

Researchers have posed an original solution to the problem: Use the vulnerability of these devices to inject a white worm that secures the devices. It is an epidemiological approach that creates immunity with a vaccine by exposing the immune system to a weakened form of the disease.

+ Also on Network World: How to improve IoT security +

These devices are still a threat because some cannot be fixed because they have hard-coded back doors. Other insecure devices have software or firmware vulnerabilities that cannot be fixed because product designers did not include a software updates mechanism.

After studying the source code of the Mirai worm and its command and control system, researchers from the Technical University of Denmark, Denmark; Orebro University, Sweden; and Innopolis University, Russian Federation proposed this almost unprecedented idea in a paper titled AntibIoTic: Protecting IoT Devices Against DDoS Attacks (pdf). The Mirai source code was published on Github after it was originally released on Hackforums, as reported by Krebs on Security.