Put open source to work
July 16–17, 2018: Training & Tutorials
July 18–19, 2018: Conference
Portland, OR

The IoT botnet wars, Linux devices, and the absence of basic security hardening

Drew Moseley (Mender.io)
11:50am12:30pm Thursday, July 19, 2018
Edge computing
Location: E146
Level: Beginner
Average rating: ****.
(4.33, 3 ratings)

Who is this presentation for?

  • Embedded Linux developers, open source enthusiasts, system integrators, design engineers, and open hardware engineers

What you'll learn

  • Understand real-world security risks in bringing devices online
  • Learn specific measures to take to help defend your devices


An ongoing battle is being waged to leverage insecure Linux-based internet of things (IoT) devices. For example, BrickerBot attacks connected devices and causes them to “brick,” making them completely useless in a permanent denial-of-service (PDoS) attack. Likewise, Mirai was behind the largest DDoS attack of its kind ever in October 2016, with an estimated throughput of 1.2 terabits per second. It leveraged a botnet consisting of connected printers, IP cameras, residential gateways, and baby monitors to bring down large portions of the internet, including services such as Netflix, GitHub, HBO, Amazon, Reddit, Twitter, and DIRECTV. (BrickerBot’s goal appears to counter Mirai’s: bricking insecure Linux devices so that malware such as Mirai can’t subjugate these devices in another DDoS attack.)

Drew Moseley explores the malware infecting Linux IoT devices, including Mirai, BrickerBot, and Hajime, and the vulnerabilities they leverage to enslave or brick connected devices. Drew then walks you through specific vectors they used to exploit devices and covers some security hardening basic concepts and practices that would have largely protected against them. Drew also discusses Mender.io, an open source project to deploy over-the-air (OTA) software updates to embedded Linux devices (the IoT).

Topics include:

  • Closing unused open network ports
  • Intrusion detection systems
  • Enforcing password complexity and policies
  • Removing unnecessary services
  • Frequent software updates to fix bugs and patch security vulnerabilities
Photo of Drew Moseley

Drew Moseley


Drew Moseley is a technical solutions architect at Northern.Tech, where he works on the Mender.io open source project to deploy OTA software updates to embedded Linux devices. Throughout his career, Drew has focused on embedded software and developer tools, including embedded Linux and Yocto. He has worked at Mentor Graphics, Red Hat, Intel, and Monta Vista Software on embedded projects such as RAID storage controllers, direct and network-attached storage devices, and graphical pagers. He spent the last seven years working in operating system professional services, where he helped customers develop production embedded Linux systems. Drew is a frequent speaker at conferences such as Embedded Systems Conference and All Systems Go. He was raised in Tampa, Florida, and attended the University of Florida.