Skip to main content

Hajime is a ‘white worm’ that infects and secures vulnerable IoT devices

The Internet of Things (IoT) has been a source of some serious security concerns recently, with millions of IoT devices being vulnerable to attack and compromise. Mirai is perhaps the most famous of all IoT malware, and it was at the root of an attack in October 2016 that took down a significant portion of the Internet.

Now, there’s another piece of code that’s targeting IoT devices, and it’s growing. The strange thing, however, is that as far as anyone can tell, the so-called “Hajime” code isn’t doing anything bad, and in fact, it might be doing some good, as Symantec’s Security Response blog reports.

Recommended Videos

Researchers have known about Hajime since October 2016, and the software is like Mirai in that it targets IoT devices with open Telnet ports and secured with the factory default username and password credentials. Hajime, therefore, uses the same attack vector as the destructive malware that was responsible for the massive distributed denial of service (DDoS) attack last year.

What makes Hajime different is that it appears to contain no destructive code, and it’s actually even more stealthy and effective at hiding itself than Mirai. Hajime also utilizes a peer-to-peer network as opposed to relying on a single command and control (C&C) server. Oddly enough, the latter characteristic makes Hajime more robust and harder to shut down than Mirai, because there’s not a single server to locate and eradicate.

However, the only active thing Hajime does at this point is to display a message every 10 minutes or so, which is currently limited to saying, “Just a white hat, securing some systems. Important messages will be signed like this. Hajime Author. Contact CLOSED. Stay Sharp!” Researchers note that the message is cryptographically signed and requires a hardcoded key, and so it’s clear where the message comes from.

Perhaps more important, Hajime also takes steps to lock down the IoT devices it infects, blocking a few ports that have been identified as making devices vulnerable to attack. In essence, the Hajime code helps to secure IoT devices and given its fast growth rates is actively securing the internet at large.

Symantec
Symantec

Of course, there’s no guarantee that Hajime’s author actually has good intentions. The reality is that Hajime is making things safer today, but it remains a piece of code that’s architected in such a way as to make it a relatively trivial matter to switch over to nefarious purposes.

In addition, these “white hat hacking” attempts and “white worms,” as they’re called, are temporary — reboot the device and they go away. They’re not like firmware updates that would have a lasting effect. Therefore, devices could be infected with Mirai one day, then “fixed” with Hajime the next, and then further “fixed” with one of the other white hack efforts that have attempted to clean up the IoT security mess.

In the long run, what’s needed is for IoT users to lock down their devices with strong passwords, and to shut off Telnet login and use SSH where they can. Router security can be strengthened by turning off Universal Plug and Play (UPnP), and all devices should be kept up to date with the latest firmware updates. Until users and manufacturers do their part to lock down IoT, however, it will remain something of a wild, wild west where black and white hat hackers battle for control.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Alienware Area 51 gaming PC with RTX 5090, 64GB of RAM is $800 off
Alienware Area 51 gaming PC.

Even if money is no object in your quest to buy the most powerful gaming desktop available, you shouldn't ignore any chance at savings. Check this out: Dell is selling the Alienware Area 51 with the Nvidia GeForce RTX 5090 graphics card at $800 off, bringing its price down from $6,100 to $5,300. It's still an expensive machine even after what's already one of the largest discounts in today's gaming PC deals, but it's an offer that you shouldn't miss if you're willing to take the plunge into high-end PC gaming.

Why you should buy the Alienware Area 51 gaming PC

Read more
Amazon is selling this Sansui curved gaming monitor for only $230
A person playing video games on the Sansui ES-G34C5 curved gaming monitor.

You don't have to spend several hundred dollars to get a solid screen for your PC gaming setup. There are affordable monitor deals for gamers on a tight budget. Here's one from Amazon: the Sansui ES-G34C5 curved gaming monitor for only $230, following a 12% discount on its original price of $260. The $30 in savings doesn't look like much, but every dollar saved goes a long way in this hobby, so you should proceed with your purchase quickly to make sure you don't miss it.

Why you should buy the Sansui ES-G34C5 curved gaming monitor

Read more
Microsoft Edge Canary new tab page replaces MSN with Copilot
Microsoft Edge appears on a computer screen with plants and a window in the background.

Microsoft is testing a new Copilot-powered interface in the Canary version of Edge, replacing the MSN feed on the New Tab Page in an attempt to streamline browsing, according to Windows Latest. Users can enable it via experimental flags.

If the new design rolls out to the stable version, Copilot will replace the familiar MSN feed as the first thing you see when you open a new tab. You'll see a compose box in an uncluttered design with a greeting message that asks, "How can I help you today?"

Read more