Hello and welcome to the Thursday, April 27th, 2017 edition of the Sands and its Storm Center's Stormcast. My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida. Mirai and its variations are still going around and apparently still causing disruptions to ISPs. The latest example is

a Californian ISP Sierra Tell. It apparently had a major outage that did go on for days and actually

forced them to hand out new modems to their customers.

Not really clear which variant of this botnet hit them.

Pricker bot was also implicated here,

but with all these different bots that are going after weak telnet servers,

weak passwords, it's of course hard to tell sometimes which particular

bot is causing the damage. This particular ISP did use similar modems as the one that Deutsche

Telecom and other ISPs used that had outages last year because of these various botnets. Now while PrickerBot's name is derived

from it pricking device, it often actually doesn't do so. It often just overrides volatile memory

in which case just a simple reboot of the modem or device will fix it. But then again, if it's going

to get reinfected in a couple of minutes, that of course may not help much. And more trouble

for Samsung Smart TVs. Apparently Samsung Smart TV support a feature called Wi-Fi Direct.

Wi-Fi Direct is a simple peer-to-peer Wi-Fi network that does not require an access

point. And to authenticate initially, the user usually has to use a PIN or NFC or a similar method.

But in order to simplify that process, once a device is

authenticated, Samsung will whitelist the device and a whitelisting is done via the device's

Mac address. So the only thing an attacker has to do is to spoof a trusted Mac address and with that the attacker

will be able to take over full control of the TV.

Samsung does not consider this security vulnerability according to the discoverer of the vulnerability.

So there's probably no patch coming for this. You can just

...