Huawei IoT Exploit Code Released for Free
The working code for a Mirai variant targeting a Huawei internet of things (IoT) vulnerability has been made freely available on Pastebin.
According to NewSky Security, the exploit, which attacks aspects of the SOAP protocol, has already been weaponized in two distinct IoT botnet attacks, namely Satori and Brickerbot.
“CVE-2017-17215, a vulnerability in Huawei HG532 devices, was discovered during a zero-day Satori attack by Checkpoint and was discreetly reported to Huawei for a fix,” explained the firm, in a blog. “The proof of concept code was not made public to prevent attackers from abusing it. However, with the release of the full code now by the threat actor, we expect its usage in more cases by script kiddies and copy-paste botnet masters.”
When analyzing snippets of the Brickerbot source code earlier in the month, the firm found usage of the same exploit, implying that the code has been available for a while.
“This is not the first time that IoT botnets are making use of issues related to the SOAP protocol,” said NewSky. “Earlier this year, we have observed several Mirai offshoots using two other SOAP bugs (CVE-2014-8361 and TR-64) which are code injections in and respectively. In the image below, we see a Mirai variant disassembly, where both exploits were used together to increase the chances of a successful attack.”
When an IoT exploit becomes freely available, it's only a matter of time until bad actors implement it as one of the attack vectors in their botnet code. For instance, prior to the Huawei bug, NewSky observed the leak of a NetGear router exploit (aka NbotLoader), which led to that code being integrated into the well-known botnet Qbot.
To protect the devices against CVE-2017-17215, Huawei has released a security pat
Source: Information Security Magazine