The latest Linux malware, Linux.Wifatch, doesn't try to steal your information. It just wants to make your Linux-based router firmware, along with other IoT hardware, more secure—while also apparently promoting the free-software/open source ethos.

Christopher Tozzi, Contributing Editor

October 5, 2015

Linux.Wifatch: The Wireless Router Malware that Increases IoT Security

Linux.Wifatch has been around since 2014. It's malware that installs itself on wireless routers, which in recent years have become a popular target for malicious hackers looking to take over devices from which to launch DDoS attacks and the like.

It turns out that Linux.Wifatch may not actually be as malicious as the rest of its ilk, however. A few days ago, computer security firm Symantec reported that Linux.Wifatch appears to make the devices it compromises more, not less, secure.

"The further we dug into Wifatch's code the more we had the feeling that there was something unusual about this threat," Symantec's Mario Ballano wrote. "For all intents and purposes, it appeared like the author was trying to secure infected devices instead of using them for malicious activities."

Symantec based its conclusions regarding Linux.Wifatch's apparently benevolent purpose on the facts that the malware does not appear to include code that could be used for DDoS attacks and that it posts messages urging users to change their default login credentials to protect their routers against attacks by other hackers.

In addition, the Linux.Wifatch source code contains a copy of the anti-surveillance blurb with which Richard Stallman, father of the free-software movement (which later spawned the open source camp), prefaces his emails: "To any NSA and FBI agents reading my email: please consider whether defending the US Constitution against all enemies, foreign or domestic, requires you to follow Snowden's example."

Although it's impossible to say why exactly that snippet appears in the code, it's reasonable to speculate that it is because the author of the malware supports Stallman's campaign against Internet censorship and government surveillance, which complements his commitment to spreading freely shared software code around the world.

Symantec suggested that the Linux.Wifatch author could be "an Internet-of-Things vigilante," who wants to make devices more secure in our increasingly connected homes and offices. If that's true, it's hard to fault this hacker (or hackers), since the companies that sell these devices have done a remarkably poor job so far of assuring user privacy and security. Maybe activist hackers inspired by the free-software ethos are the best line of defense against our routers, our cars and the rest of our electronic lives being compromised by people up to no good.

About the Author(s)

Christopher Tozzi

Contributing Editor

Christopher Tozzi started covering the channel for The VAR Guy on a freelance basis in 2008, with an emphasis on open source, Linux, virtualization, SDN, containers, data storage and related topics. He also teaches history at a major university in Washington, D.C. He occasionally combines these interests by writing about the history of software. His book on this topic, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” is forthcoming with MIT Press.
