Sierra wireless gateways fall foul of Mirai malware

By:
Bill Boyle
Published on:

Sierra Wireless has discovered its AirLink gateway wireless products have been compromised by Mirai malware

Sierra Wireless has been warning customers to change their default access credentials on AirLink gateway products after they discovered the wireless products have been compromised by Mirai malware.

Mirai, a particulalrly vicious combination of malware and botnet was in the news recently after a 620 Gbps distributed denial-of-service (DDoS) attack on the prominent security blog Krebs on Security, has enslaved thousands  maybe millions - of Internet of Things (IoT) devices, from CCTV cameras to routers.

Over the weekend the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a security advisory warning that these products are susceptible to the Linux-based malware.

According to Sierra Wireless, that there have been reports of devices becoming infected due to the use of default credentials within the gateways' password ACEmanager.

The communications equipment maker says after the malware compromises a product, it deletes itself and resides only in memory before it starts to scan for more vulnerable devices and then contacts the Mirai server, which may then use the device in future DDoS attacks.

Sean Newman, director at Corero Network Security said: “It’s kind of understandable that passwords protecting the majority of network enabled consumer devices get left at their factory defaults, as end-users often lack the awareness or confidence to change them – in these cases, manufacturers need to start taking more proactive measures to help ensure users are aware and making it simple for them to update passwords without fear of rendering the devices unusable.

“However, when it comes to commercial equipment, there is simply no excuse for IT professionals and installers of such equipment to leave devices in their default security state.  Even for the simplest of devices which require any kind of configuration, there will be password controlled access which should be updated.  Sierra’s products have been unlucky enough to become the next target, but that’s not due to anything remiss on their part, and there are many more vendors out there with products in the same position, waiting to become the next mass target.  Well done to Sierra for proactively reaching out to their customers and highlighting the risk and reminding them to do, essentially, what they should have done anyway!”