Silex Malware Attacks

New malware bot - Silex - infecting IoT devices like MAX BR1s that are Linux-based. Peplink needs to lock down access to the underlying Linux OS. Cradlepoint ships devices with Linux access based on the device serial number. That or a functional equivalent needs to be implemented by Peplink. Following is a link to an article on Silex:

1 Like

Interesting article. Perhaps you know more about this than the article states.

What specifically do you see as the risk to Peplink/Pepwave products which are properly managed to minimize the threats posed by bad actors – User ID changed, password changed and robust, SSL in use, access restricted to LAN-side only, default ports changed, etc?

2 Likes

Hi Rick,

I think your solution should protect the device. What I found is that an exploit will attack Telnet and SSH. If these ports are closed, the malware has no chance.

The first version of the malware was made by a 14-year-old guy, maybe Peplink can hire him to secure the systems :wink:

Regards
Dennis

1 Like
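To check the point above about closed Telnet and SSH ports on devices you administer, here is an added example (not part of the original thread and not Peplink code) that probes each management port and reads the service banner, so a service moved off its default port is still identified. The function names and the loopback listener are constructed for illustration, and the first-byte Telnet test is a heuristic.

```python
import socket
import threading

MGMT_PORTS = (22, 23)  # SSH and Telnet, the two services named in the thread

def probe(host, port, timeout=2.0):
    """Return (state, service) for one TCP port on a device you administer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(64)   # SSH and Telnet servers both speak first
            except OSError:           # silent or reset: open, service unknown
                banner = b""
    except ConnectionRefusedError:
        return "closed", None         # host answered, nothing is listening
    except OSError:
        return "filtered", None       # timeout or unreachable
    if banner.startswith(b"SSH-"):
        return "open", "ssh"
    if banner[:1] == b"\xff":         # Telnet negotiation begins with IAC (0xFF)
        return "open", "telnet"
    return "open", "unknown"

def audit(targets, ports=MGMT_PORTS, timeout=2.0):
    """List every reachable management service; an empty list is the goal."""
    findings = []
    for host in targets:
        for port in ports:
            state, service = probe(host, port, timeout)
            if state == "open":
                findings.append((host, port, service))
    return findings

def constructed_listener(banner):
    """Constructed loopback stand-in for a device service; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            conn.sendall(banner)
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":  # SSH on a non-default port is still reported as ssh
    moved_ssh = constructed_listener(b"SSH-2.0-constructed\r\n")
    print(audit(["127.0.0.1"], ports=(moved_ssh,)))
```

Run it from the WAN side against the addresses of your own routers; any entry in the result is a management service that is reachable from where you ran it.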

Hi Dennis. Actually, we typically recommend and do quite a bit more than what I described. I must say when I hear “Peplink needs to …” do something the way a competitor does I start to lose interest quickly. But if there is “more to the story” I’d be interested in hearing it.

I always appreciate your comments. :smile:

Rick

2 Likes

I have customers with literally thousands of franchise locations that are independently owned and operated by non-technical personnel (i.e., accountants with seasonal tax preparation pop-up kiosks). They do not have the skill-set to apply proper procedures to lock down these devices. They also don’t want to pay for the technical services to do it for them. We could say they deserve what happens to them. I disagree. I think they deserve to be protected if we can do it relatively easily. Not doing so is nothing more than a reason to cede markets like this (I have numerous others) to Cradlepoint, etc. I don’t think that’s a good idea.

No, it really doesn’t - since it already has.

You can’t get a normal Linux shell on a Peplink/Pepwave device, just a very restricted user-level one, and even that is disabled by default.
I don’t see any usable attack vector here for Silex - so this is nothing to worry about in my opinion.

3 Likes