AirLink® LS300, GX400, GX/ES440, GX/ES450, RV50, RV50X, MP70 and MP70E gateways and routers that are directly reachable from the public internet.
Further to the technical bulletin SWI-PSA-2018-002 issued on 29 March 2018, Sierra Wireless has determined that the IoTroop/Reaper malware is using two methods to infect AirLink gateways and routers connected to the public internet. The primary method of infection is through default or stolen passwords. However, during further investigation by the incident response team, we have identified a previously unknown vulnerability that is also in use.
The malware is known to have the following impacts:
- During installation of the malware, the gateway’s user password may be stolen and sent to the malware’s command and control This may allow the gateway to be re-infected later if the malware is removed but the user password is not changed.
- The malware will periodically contact a command and control server for instructions and potentially participate in a Distributed Denial of Service (DDoS) This may result in significant unexpected wireless data charges.
All users with AirLink gateways and routers that are reachable from the public internet are advised to contact Sierra Wireless immediately for assistance.
Sierra Wireless Technical Support 1-877-552-3860 (free of charge)
6:00am – 5:00pm Pacific Time, Monday to Friday.
The technical support team will assist users to remove any malware that is present and perform the following protective steps:
- Register devices in AirLink Management Service (ALMS) to provide secure remote management; ALMS will be provided free of charge.
- Disable remote access to ACEmanager
- Enable Trusted IP / Friends List
- Update the gateway User password
Sierra Wireless is developing a firmware update that will address the newly discovered vulnerability and implement additional hardening measures. Users who are registered for product or security updates on the Source will receive automatic notification when the firmware update is available.
Further Information Contact USAT: