
Many Sierra Wireless gateways compromised by Mirai botnet, warns US government


The US government’s Department of Homeland Security has warned owners of Sierra Wireless gateways that they are being targeted by Mirai, a notorious malware family that has been creating a mighty global botnet from poorly secured IoT devices.

Mirai has already made quite a name for itself by infecting all manner of internet-connected devices such as IP CCTV cameras and DVRs, rather than the conventional computers that are traditionally recruited into a botnet.


The Department of Homeland Security’s warning is not solely altruistic – although I’m sure they are genuine in their desire to have as many organisations and end users avoid being hijacked into a botnet as possible.

What the DHS is certainly also concerned about, however, is what will be done with the botnet. And the most likely use of a huge botnet exploiting IoT devices is to launch a massive Distributed Denial-of-Service (DDoS) attack, as the DHS explains in its advisory:

Based on the currently available information, once the malware is running on the gateway, it deletes itself and only runs in memory. The malware will then proceed to scan for vulnerable devices and report its findings back to a command and control server. The command and control server may also instruct the malware to participate in a DDoS attack on specified targets.

According to a technical bulletin issued by Sierra Wireless, the following Sierra Wireless products are said to be vulnerable:

  • LS300
  • GX400
  • GX/ES440
  • GX/ES450
  • RV50

Mirai, you may recall, was the botnet which launched a Godzilla-sized DDoS attack against the website of security blogger Brian Krebs. No doubt there are plenty of companies and government organisations who would prefer not to find themselves on the receiving end of an attack like that, knocking their websites offline.

Once again, Mirai isn’t exploiting security vulnerabilities in Sierra Wireless’s hardware and software, but rather the fact that many owners will not have changed the default usernames and passwords that the devices ship with.

The good news is that, because the malware resides solely in memory on the infected devices, the cure is simply to turn them off and on again, wiping memory in the process. But if you haven’t changed those login credentials, your Sierra Wireless gear will most likely be reinfected soon after you clean the malware off it.

But this, and previous attacks, underline the importance of changing default passwords whenever possible on devices that you attach to the public internet.
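
The DHS advisory quoted above says an infected gateway scans for other vulnerable devices, which a network owner can spot as one source suddenly contacting many distinct addresses. The following Python detector is an added example, not code from this article, the DHS or Sierra Wireless; the flow-record format, window, threshold and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed sliding-window length
MAX_DISTINCT_DSTS = 20   # assumed threshold; tune to your own baseline


def parse_flow(line):
    """Parse 'epoch_seconds src_ip dst_ip' (constructed format, not a vendor log)."""
    ts, src, dst = line.split()
    return int(ts), src, dst


def find_scanners(lines, window=WINDOW_SECONDS, limit=MAX_DISTINCT_DSTS):
    """Return {src: first_alert_ts} for sources that contact more than
    `limit` distinct destinations inside any `window`-second span."""
    recent = defaultdict(deque)                     # src -> (ts, dst) still in window
    counts = defaultdict(lambda: defaultdict(int))  # src -> dst -> hits in window
    alerts = {}
    for ts, src, dst in sorted(parse_flow(l) for l in lines if l.strip()):
        queue, seen = recent[src], counts[src]
        queue.append((ts, dst))
        seen[dst] += 1
        # Expire records that have fallen out of the sliding window.
        while queue and queue[0][0] <= ts - window:
            _, old_dst = queue.popleft()
            seen[old_dst] -= 1
            if seen[old_dst] == 0:
                del seen[old_dst]
        if len(seen) > limit and src not in alerts:
            alerts[src] = ts
    return alerts


def sample_flows():
    """Constructed traffic: one quiet host and one gateway sweeping addresses."""
    flows = []
    for i in range(30):   # 10.0.0.9 polls the same two servers for five minutes
        flows.append(f"{1000 + i * 10} 10.0.0.9 192.0.2.{1 + i % 2}")
    for i in range(40):   # 10.0.0.5 touches 40 distinct addresses in 20 seconds
        flows.append(f"{1100 + i // 2} 10.0.0.5 198.51.100.{i + 1}")
    return flows


if __name__ == "__main__":
    for src, ts in find_scanners(sample_flows()).items():
        print(f"{src} exceeded {MAX_DISTINCT_DSTS} distinct destinations at t={ts}")
```

A gateway flagged this way should be power-cycled and have its default credentials changed before it goes back online, as described above.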

If you want to better secure all of your home’s connected devices against IoT threats, be sure to check out Bitdefender BOX.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.