Author Topic: Is the Vera Affected by The Mirai IoT DDOS code?  (Read 1105 times)

Offline butric

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
Is the Vera Affected by The Mirai IoT DDOS code?
« on: October 02, 2016, 07:38:56 pm »
Hello Everyone.

Some of you may be aware of the recent discovery of an extremely large botnet that was created by some malicious code nicknamed 'Mirai' that is creating botnets out of insecure IoT devices. Those of you who do not have any idea what I am talking about, allow me to explain in more detail.

A DDoS attack stands for "Distributed Denial of Service attack." Basically, all computers can communicate with eachother using things called 'pings' or basically a "hello" in our language. But if abused, a ping can be issued thousands upon thousands of times a second, and thus, the computer being 'pinged' cannot communicate anymore because it's flooded with requests. Why does this matter? Because if YOU become one of the computers on the botnet, then you will experience extremely slow internet performance, and in this case, probably loss of home automation functions.

My question is whether or not the Vera system is vulnerable to this type of attack. I know that Vera uses an online login tool to essentially authenticate with Vera, but I think it is certainly a strange way of doing things on MeCasaVerde's part.

Offline mvader

  • Sr. Member
  • ****
  • Posts: 370
  • Karma: +29/-74
Re: Is the Vera Affected by The Mirai IoT DDOS code?
« Reply #1 on: October 03, 2016, 09:18:13 am »
Hello Everyone.

Some of you may be aware of the recent discovery of an extremely large botnet that was created by some malicious code nicknamed 'Mirai' that is creating botnets out of insecure IoT devices. Those of you who do not have any idea what I am talking about, allow me to explain in more detail.

A DDoS attack stands for "Distributed Denial of Service attack." Basically, all computers can communicate with eachother using things called 'pings' or basically a "hello" in our language. But if abused, a ping can be issued thousands upon thousands of times a second, and thus, the computer being 'pinged' cannot communicate anymore because it's flooded with requests. Why does this matter? Because if YOU become one of the computers on the botnet, then you will experience extremely slow internet performance, and in this case, probably loss of home automation functions.

My question is whether or not the Vera system is vulnerable to this type of attack. I know that Vera uses an online login tool to essentially authenticate with Vera, but I think it is certainly a strange way of doing things on MeCasaVerde's part.

no - that attack is looking for devices with the login of
admin:password
user:user
stuff like that.. the vera devices have a unique password for each device.
so no it's not vulnerable to that type of attack, at least not with Mirai

Offline ember1205

  • Sr. Member
  • ****
  • Posts: 365
  • Karma: +4/-21
Re: Is the Vera Affected by The Mirai IoT DDOS code?
« Reply #2 on: October 03, 2016, 08:48:49 pm »
Additionally, your description of a DDOS attack is wrong.

A DDOS attack occurs when large numbers of machines at varying locations in the world all attempt to communicate with a very small number of machines (possibly only one) located in one place. And, they don't do it with "ping" packets. One of the things that makes DDOS attacks extremely hard to protect against is the fact that legitimate traffic and attack traffic is generally indistinguishable from each other. In order for the traffic to "look the same", the communications must look the same - this means that these distributed attacking hosts would all be sending a SYN packet or possibly attempting to complete the threeway handshake (SYN - ACK/SYN - ACK) in massive quantities. Ping packets use an entirely different protocol and have no concept of connections, SYN, handshaking, or anything else that has to do with legitimate traffic.

The premise behind a DDOS attack is to "flood" the receiving network, firewall, server, etc. with traffic that -seems- legitimate, making it almost impossible for traffic coming from legitimate clients to operate. If the target is a web site, it can disrupt its operation and cause financial damage to the company that runs it.

Offline RichardTSchaefer

  • Master Member
  • *******
  • Posts: 9501
  • Karma: +721/-133
    • RTS Services Plugins
Re: Is the Vera Affected by The Mirai IoT DDOS code?
« Reply #3 on: October 03, 2016, 10:21:29 pm »
That is what has been discovered already. Once they have access to a device on your LAN ... They can start probing other devices on your net. Many devices on your LAN are trusting of devices on your LAN.

Sent from my SAMSUNG-SM-G935A using Tapatalk


Offline butric

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
Re: Is the Vera Affected by The Mirai IoT DDOS code?
« Reply #4 on: October 04, 2016, 12:19:06 am »
Quote
no - that attack is looking for devices with the login of
admin:password
user:user
stuff like that.. the vera devices have a unique password for each device.
so no it's not vulnerable to that type of attack, at least not with Mirai

Thanks for the answer! I just thought it was weird since the vera doesn't seem to have any local authentication for the Web gui. So I thought it may be vulnerable. Thanks.