The latest online malware, dubbed BrickerBot, is particularly nasty, as it virtually destroys vulnerable devices. This new approach has led to a new term, PDoS, for Permanent Denial of Service.
Hacked devices don’t go up in smoke, but the software on the devices is almost entirely wiped out. For most people, most of the time, this would turn hacked devices into paperweights.
A vulnerable device is one that exposes the Telnet service to the Internet at large. The vulnerable device might be your router, or, if the router supports UPnP, then any device on your network could be vulnerable.
Fortunately, there is an easy way to test if a device on your home network is vulnerable.
Telnet uses TCP port 23, which you can kick the tires on by clicking on the link below, which uses the Portprobe feature of Steve Gibson’s Shields UP!
There are three possible states for a TCP port. The safest state is “Stealth”. A “Closed” port should also be safe, but an “Open” port is inviting trouble.
Some IoT devices use port 2323 as an alternate port for Telnet. The Mirai botnet scans for vulnerable devices on both ports 23 and 2323. So, for good luck, test TCP port 2323 by clicking on the link below.
For these tests to be valid, they need to be run from a device on your home network that is not connected to either Tor or a VPN.
If one of the tests shows an Open port, the next step is figuring out which device on the network is vulnerable. There is no easy answer to that.
Most likely the answer can be found in the router, but there is nothing standard about how to log on to a router and where, in its administrative interface, to look. There are some instructions for testing individual devices on my Router Security site.
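One way to narrow down which device answers on Telnet, as an added example that is not from the original article: a Python script that probes TCP ports 23 and 2323 on devices you own, from inside the network, and reports the same three states. The device addresses are constructed placeholders, and an Open result here only shows the device listens on the LAN; whether it is reachable from the Internet still depends on the router's port forwarding or UPnP.

```python
import socket

TELNET_PORTS = (23, 2323)  # the two ports the article says to test


def probe(host, port, timeout=2.0):
    """Classify one TCP port using the article's three states."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "Open"          # handshake completed: something is listening
    except ConnectionRefusedError:
        return "Closed"        # device answered with a reset: nothing listening
    except socket.timeout:
        return "Stealth"       # no answer at all within the timeout
    except OSError:
        return "Unreachable"   # e.g. no route to host; device may be off
    finally:
        s.close()


def audit(hosts, ports=TELNET_PORTS, timeout=2.0, probe_fn=probe):
    """Probe every host/port pair.

    Returns (results, exposed): results maps host -> {port: state},
    exposed is the sorted list of hosts with at least one Open port.
    """
    results = {h: {p: probe_fn(h, p, timeout) for p in ports} for h in hosts}
    exposed = sorted(h for h, states in results.items()
                     if "Open" in states.values())
    return results, exposed


if __name__ == "__main__":
    # Constructed sample addresses; replace with devices on your own network.
    devices = ["192.168.1.1", "192.168.1.50"]
    results, exposed = audit(devices)
    for host, states in results.items():
        for port, state in states.items():
            print(f"{host:15} tcp/{port:<5} {state}")
    if exposed:
        print("Accepting Telnet connections:", ", ".join(exposed))
    else:
        print("No device answered on port 23 or 2323.")
```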
As for good news, a device that exposes Telnet is only vulnerable to BrickerBot if it uses a default Telnet password. Still, the Defensive Computing thing to do is to not accept Telnet connections from strangers.