A newly discovered internet-of-things (IoT) botnet has been interfering with Android OS-based set-top boxes (STBs).
Ares was uncovered by device cybersecurity company WootCloud, which named it for the Greek god of war – not after Athena, who represents military strategy and generalship and is the goddess of intelligence, but after Ares, who is associated with the untamed physical and violent aspects of warfare. Uh-oh.
The Ares ADB Botnet was found after researchers identified suspicious behavior on Android STBs used for streaming media from sites likes Netflix and Hulu. After closely monitoring activity on HiSilicon, Cubetek and Qezy Media STBs, WootCloud discovered Ares targeting Android-based IoT devices to trigger infections on a large scale.
WootCloud founder and CTO Srinivas Akella told Infosecurity Magazine: "Our discovery has seen Ares using misconfigured ADB interfaces left open on custom android installations on set-top boxes to get full control of the set-top box. We have not seen smart TVs infected in our investigation, but any Android device with this interface open for access is vulnerable to this attack."
Explaining why the newly discovered botnet is such bad news, Akella said: "Ares attacks set-top boxes and compromises them so they can be used to install malware and further compromise other devices with [distributed denial-of-service] attacks, Bitcoin mining and brute-force password-cracking attacks, amongst others.
"This discovery is significant because it is on the intersection of Android and the home theater IoT market. Since these IoT devices are custom-made, it is very hard for home users, who generally have limited technical knowledge, to disable them. This lets attackers have stable sources of bots."
The global set-box market was valued at $17 billion in 2017, and the number of such devices using Android OS is increasing exponentially, meaning botnets like Ares could pack a powerful punch.
Arkella hinted that the vulnerability of digital devices to cyber-threats could be reduced if more security research was carried out on products prior to release.
He said: "We find that manufacturers are, rightfully so, in a rush to deliver products to market. Often it leaves it hard to fix security holes and misconfigurations."