GPN17:From Mirai to Apple

aus dem Wiki des Entropia e.V., CCC Karlsruhe

Ein Vortrag von Puck auf der GPN17.

In my talk I will show how the Mirai bot net abused a common implementation flaw in many IoT devices, which opens home firewalls to the internet. This allows anyone looking to find those devices using tools as simple as Shodan.io .

While reading about the Mirai botnet I was confronted with a simple and yet profound question: How the hell could this even work? Shouldn't there be firewalls built into every router to prevent such an attack? And (almost) no one who buys an IoT device knows how to manually open the ports on their routers. So how could Millions of these things become a botnet?
This question send me on a scavenger hunt searching for a way to find the smartest device in my home network. A multi-function printer. To get my answers I had to look into how UPnP ,and Apples alternative Bonjour, work.

Links