The Federal Office for Information Security (BSI) in Germany has issued a significant warning regarding pre-installed malware found on Internet of Things (IoT) devices, specifically digital photo frames and media players. The alert comes as the BSI successfully disrupted communication between approximately 30,000 infected devices and the cybercriminals who exploit them.
The threat of pre-installed malware
The malware, identified as BadBox, is particularly concerning because it is already installed on devices at the time of purchase, and these devices often run outdated versions of Android. BadBox can create unauthorized accounts for email and messaging services, facilitating the spread of fake news. Additionally, it engages in ad fraud by manipulating web traffic and can act as a residential proxy service, allowing criminals to use infected users’ internet connections for illicit activities. This not only puts the users at risk but also associates their IP addresses with potential cybercrimes.
BSI President Claudia Plattner emphasized the growing issue of malware on internet-capable products, highlighting the risks posed by outdated firmware. She called for responsibility from both manufacturers and consumers, urging buyers to prioritize cybersecurity when selecting IoT devices.
BSI’s response: sinkholing measures
In response to this threat, the BSI has implemented sinkholing measures under Section 7c of the BSI Act. This action reroutes communication from affected devices to prevent further interaction with the criminals controlling the malware. The BSI’s measures extend to providers with over 100,000 customers, ensuring that those affected are informed about potential malware infections through their internet service providers. While these measures provide temporary protection, the BSI warns that devices with outdated firmware remain vulnerable to future attacks. Reports indicate that smartphones and tablets may also be at risk, suggesting a much larger scope of potential infections than initially recognized.
Consumer guidance
Consumers whose devices have been flagged as infected will typically receive notifications from their telecommunications providers based on their IP addresses. However, because these products are sold under various names despite being identical in construction, the BSI cannot specify which products are affected. The BSI encourages all consumers to take immediate action by disconnecting any potentially infected devices from the internet. It also recommends verifying the security features of IoT products before purchase, such as ensuring official manufacturer support and up-to-date operating systems. For more information on how to protect against such threats and details about sinkholing, consumers can refer to resources provided by the BSI on its website.
As IoT devices become increasingly integrated into daily life, the importance of cybersecurity cannot be overstated. The BSI’s proactive measures against BadBox serve as a crucial reminder for consumers to remain vigilant and informed about the security risks associated with their connected devices.