BrickerBot — The Dark Knight of IoT

by Pascal Geenens

Over the course of the last week, you have probably heard about the attacks designed to render Internet of Things (IoT) devices across the internet useless. We called the originator of the attacks “Brickerbot,” but should we have called it the “Batman of IoT”?

Permanent Denial of Service

PDoS is an attack that damages a system so badly that it requires replacement or reinstallation of its factory default software image. By exploiting security flaws or misconfigurations, this type of cyber-attack can destroy the firmware and/or basic functions of system usage. Recall the purpose of DDoS attacks, which overload their victim with requests up to the point they cannot perform their intended function anymore. When the attacks stop, however, the victim resumes its intended function as if nothing happened. PDoS, in contract to DDoS, is more permanent. The attack is very short, but it leaves the device in such a state that it is not able to perform its intended function, even after the attack is terminated. After a PDoS, a device requires an on-site, manual intervention to recover it and restore its normal functioning.

Some PDoS are more severe than others. Recall the USB stick that discharges 200 volts into the host computer and fries it. Or the demonstrations at EUSecWest back in June 2008 about how corrupted hardware could be delivered to flash a device and make it unusable, referred to as phlashing.


The PDoS attempts we discovered and discussed in our ERT Alert last week are performed remotely, through telnet access, and using commands that could ultimately corrupt storage, break connectivity and render the device unfunctional. The PDoS in question is targeting software rather than flashing or frying the hardware of its victims, which does however not make it less permanent, less damaging and less impacting. The discovered attacks were using the same exploit vector as Mirai, brute forcing their way in through Telnet. We coined it ‘BrickerBot’ because instead of enslaving IoT devices, like Mirai does, it attempts to destroy or “brick” them.

Read more: