[SingCERT] Alert on New Silex Malware on IoT Devices
Published on Thursday, 27 June 2019 11:13

Background
A new Internet of Things (IoT) malware, dubbed Silex, is affecting IoT devices such as routers and IP cameras with telnet (port 23) service running on its Internet-facing interface.
The malware attempts to gain access to IoT devices by using default and widely-used telnet credentials, and corrupts the device by filling its storage, removing its firewall and network configurations, and halting the device, thus rendering it unusable.
Affected devices are IoT devices with:
- Busybox running
- Telnet listening on port 23
- Factory default credentials
A corrupted device is unusable until its firmware is reinstalled.
Systems administrators are advised to change the factory default credentials on IoT devices and to use a long, random password/passphrase comprising a mix of uppercase and lowercase letters, numbers, and symbols.
Systems administrators are also advised to close the telnet service on the Internet-facing network interface.
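
One way to check a device for the exposure described above (an added example, not part of the SingCERT advisory): the filter below reads `netstat -tln` output and lists every non-loopback address with a listener on TCP port 23. It assumes the usual net-tools/BusyBox column layout; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Usage on a device: netstat -tln | exposed_telnet
# Prints each non-loopback local address that has a listener on TCP port 23.

exposed_telnet() {
    awk '
        # Only listening TCP sockets are of interest (tcp and tcp6 rows).
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4
            # The port is the text after the last ":" (also works for IPv6).
            n = split(local_addr, parts, ":")
            port = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (port != "23") next                    # not telnet
            if (addr ~ /^127\./ || addr == "::1") next # loopback only
            print addr
        }
    '
}

# Constructed sample of `netstat -tln` output (not captured from a real device).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2323          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 :::23                   :::*                    LISTEN
EOF
}

# Demonstration on the constructed sample.
sample_netstat | exposed_telnet | while read -r addr; do
    echo "telnet (port 23) is listening on $addr: close it or restrict it to an internal interface"
done
```

An empty result means no telnet listener is bound to a non-loopback address; a listener on `0.0.0.0` or `::` is bound to every interface, including the Internet-facing one.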