Mirai trojan becomes more dangerous by targeting critical equipment in mobile 3G and 4G LTE networks

Oct 14, 2016 15:00 GMT

Sierra Wireless, one of the biggest hardware manufacturers of mobile equipment, issued an alert yesterday warning customers not to use default passwords with their devices, as they might be at risk of infection from the infamous Mirai malware.

The company says that Airlink wireless routers and gateways deployed with 3G and 4G LTE cellular networks are at risk.

Sierra says that network operators who use these devices across their infrastructure with their default credentials are at risk of having the devices taken over and employed in DDoS attacks.

The company lists Sierra Airlink models LS300, GX400, GX/ES440, GX/ES450, and RV50 as vulnerable to Mirai takeovers.

Devices with default password at grave risk

"Because the malware resides only in memory, rebooting the gateway will remove the infection," the company writes in an advisory published on its website.

"However, if the gateway continues to use the default ACEmanager password, it will likely become re-infected," Sierra experts add.

The danger of having 3G and 4G wireless gateways taken over by Mirai is huge. These devices, especially Sierra-made equipment, are very popular and are spread all over the world in large numbers.

While they may not be the brains behind a cellular network, they are its backbone. Additionally, they have huge bandwidth at their disposal in order to route everyone's mobile and Internet traffic, making them the perfect targets for a DDoS trojan.

Real danger behind taking over 3G/4G network's backbone

Because of this, the US Department of Homeland Security's ICS-CERT department has republished the Sierra advisory on its website, so other vendors and Sierra customers could take notice and prevent any potential infections.

For its part, Sierra has confirmed Mirai infections of Airlink devices, proving the danger is clear and present.

The Mirai Linux trojan targets IoT devices and was used to build a massive botnet that was behind two of the largest DDoS attacks known to date, against French ISP OVH and journalist Brian Krebs' website.
