Alert - Default credentials in some Sierra Wireless Devices may be leveraged by Malware

Number: AL16-018
Date: 14 October 2016

Purpose

The purpose of this advisory is to bring attention to potential exploitation of default credentials on Sierra Wireless devices.

Assessment

CCIRC is aware of a potential leveraging of Sierra Wireless devices by the “Mirai” malware for DDoS activities. The malware could gain access to the AirLink Cellular gateway using the publicly available default ACEmanager credentials, if the device is reachable on the internet. Using the firmware update function, the malware will be able to run a copy of itself.

Once the malware is running on the gateway it deletes itself and resides only in memory.

Abnormal traffic on TCP ports 23 and 48101 and a large amount of outbound traffic are strong indicators of malware presence. Port 23 is used by the malware to scan for other vulnerable devices, while port 48101 is used for command and control traffic.
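
The indicators above can be checked against flow records exported from the network the gateways sit on. The following is an added example, not part of the original alert or of any Sierra Wireless tooling: the record layout (src,dst,proto,dport,bytes), the sample addresses, the indicator names and both thresholds are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not real traffic): src,dst,proto,dport,bytes
SAMPLE_FLOWS = """\
10.0.0.5,198.51.100.10,tcp,23,120
10.0.0.5,198.51.100.11,tcp,23,120
10.0.0.5,198.51.100.12,tcp,23,120
10.0.0.5,203.0.113.7,tcp,48101,900
10.0.0.5,203.0.113.50,udp,53,5000000
192.0.2.99,10.0.0.6,tcp,23,60
"""

# Assumed thresholds; tune against each gateway's normal baseline.
TELNET_FANOUT_LIMIT = 3         # distinct TCP/23 destinations per gateway
OUTBOUND_BYTES_LIMIT = 1_000_000

def triage(flow_text, gateways):
    """Return {gateway_ip: sorted list of indicator names} for flagged gateways."""
    telnet_dsts = defaultdict(set)
    out_bytes = defaultdict(int)
    c2_port = set()
    for src, dst, proto, dport, nbytes in csv.reader(io.StringIO(flow_text)):
        dport, nbytes = int(dport), int(nbytes)
        if proto == "tcp" and dport == 48101:
            # Any TCP/48101 flow touching a gateway is worth a look.
            c2_port.update(ip for ip in (src, dst) if ip in gateways)
        if src not in gateways:
            continue  # only gateway-originated traffic counts below
        out_bytes[src] += nbytes
        if proto == "tcp" and dport == 23:
            telnet_dsts[src].add(dst)
    findings = {}
    for gw in gateways:
        hits = []
        if len(telnet_dsts[gw]) >= TELNET_FANOUT_LIMIT:
            hits.append("tcp23_scanning")
        if gw in c2_port:
            hits.append("tcp48101_traffic")
        if out_bytes[gw] >= OUTBOUND_BYTES_LIMIT:
            hits.append("high_outbound_volume")
        if hits:
            findings[gw] = sorted(hits)
    return findings

if __name__ == "__main__":
    for gw, hits in triage(SAMPLE_FLOWS, {"10.0.0.5", "10.0.0.6"}).items():
        print(gw, ", ".join(hits))
```

A flagged gateway is a candidate for the reboot and password change listed under Suggested Action; an inbound Telnet probe alone, as with 10.0.0.6 in the sample, does not flag the device.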

Affected Sierra Wireless products: LS300, GX400, GX/ES440, GX/ES450 and RV50.

Suggested Action

The vendor strongly suggests that customers take the following steps for each of their gateways:

  • Reboot the gateway to eliminate the possibility of in-memory malware.
  • Set the ACEmanager password to one that is secure and unique.

A detailed description of the risk and a list of recommendations to protect your device and attached network from infection can be found in the Sierra Wireless technical bulletin linked in the References section.

References:

http://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---mirai/
