Worm may create an Internet of Harmful Things, says Symantec (Take note, Amazon)

Worm may create an Internet of Harmful Things, says Symantec (Take note, Amazon): The Hitchcockian plotlines are endless. Replace The Birds with flying Amazon delivery drones. Or imagine, as researchers did recently at Black Hat, someone hacking your connected toilet, making it flush incessantly and closing the lid repeatedly and unexpectedly.

With those visions in mind, pay heed to what security vendor Symantec says it has discovered: A new Linux worm that “appears to be engineered to target the Internet of Things.”

No attacks have yet been found in the wild, it reported. But as Alfred Hitchcock once said, “There is no terror in the bang, only in the anticipation of it.”

The worm discovered by Symantec attacks an old PHP vulnerability that was patched last year, and targets a small subset of Internet of Things (IoT) devices, such as Linux-based home routers, set-top boxes, security cameras and industrial control systems.

The worm generates IP addresses randomly, sends out HTTP post requests, and then spreads.

More broadly, Symantec says that “vendors of devices with hidden operating systems and software, who have configured their products without asking users, have complicated matters. Many users may not be aware that they are using vulnerable devices in their homes or offices.”