Skip to Content
Computing

A fast-evolving new botnet could take gadgets in your home to the dark side

Satori is built to turn routers, thermostats, and other household devices into zombies.
January 31, 2018
Nicolas Ortega

There’s a new botnet in town. Since December, security researchers have been tracking an insidious piece of malware called Satori, which hijacks internet-connected devices and turns them into “zombies” that can be remotely controlled in unison. The number of devices in its thrall is still small. But whoever’s behind it is working quickly to tweak its design, hoping to build a powerful army of machines that can be summoned to pump out masses of e-mail spam, incapacitate corporate websites, or even bring down large chunks of the internet itself.

Satori, whose name means “enlightenment” in Japanese, has dark origins. Some of its source code appears to be the same as that of Mirai, a botnet that in 2016 used hundreds of thousands of compromised routers, web-connected cameras, and other devices to send out a flood of data traffic that overwhelmed some key internet infrastructure in America. That attack temporarily took down the sites of a number of prominent companies, including Twitter, the New York Times, and Airbnb.

The authors of Mirai have since been caught, but their creation has clearly inspired others to follow in their footsteps. “It’s obvious that Satori is under active development,” says Matt Bing of NetScout Arbor, a cybersecurity firm.

What you can do to keep the zombies at bay

  • Changing default passwords and settings on connected devices is critical, as is applying any software updates promptly. And if your home broadband slows dramatically—which could be a sign it’s being used in a web attack—ask your internet service provider to check what’s happening. If you tell them you think your router may have been zombified, they won’t think you’re a weirdo.

As a result, it’s been evolving quickly. It began by targeting routers in Latin America and Egypt. When internet service providers in those places blocked it late last year, a new variant appeared, aimed at computers mining digital currency. Now it’s morphed again. The latest version targets software associated with ARC processors, which provide the silicon brains for a wide range of internet-of-things devices, including some smart thermostats, digital TV set-top boxes, and car infotainment systems.

After finding a weak point in a device’s defenses, Satori probes to see if the owner has kept default passwords and settings, hoping to exploit these to gain control of the machine. If it succeeds, it then looks for other devices on a network and tries to infect them too.

Dale Drew, chief security strategist at CenturyLink, a network services provider that’s been tracking Satori, says the botnet currently comprises perhaps no more than 40,000 devices. But he notes that the (still unknown) author of the malware is “pretty disciplined in identifying new tactics and techniques” to compromise machines. If the zombie master is successful in targeting the internet of things more broadly, he or she could end up building a botnet that’s even bigger than Mirai.

Deep Dive

Computing

ALEXANDER LUKASHENKO and hacktivists concept illo
ALEXANDER LUKASHENKO and hacktivists concept illo

Hackers are trying to topple Belarus’s dictator, with help from the inside

Opposition from inside the regime of Alexander Lukashenko is helping hackers run what may be the most comprehensive cyberattack on a nation ever.

0day exploit attacks computer
0day exploit attacks computer

2021 has broken the record for zero-day hacking attacks

But the reasons why are complicated—and not all bad news.

Department of Justice building
Department of Justice building

This US company sold iPhone hacking tools to UAE spies

An American cybersecurity company was behind a 2016 iPhone hack sold to a group of mercenaries and used by the United Arab Emirates.

collage of gears
collage of gears

Reimagining our pandemic problems with the mindset of an engineer

Grappling with all the uncertainty, the epidemiologist’s role during the pandemic proved confusingly complex. A more pragmatic, problem-solving mindset might help in making good decisions.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.