Knowledge Base  /  News

Reaper, Botnets, and AVTECH Security

This week it was announced that a new IoT botnet malware called Reaper was spreading quickly around the internet, infecting over one million devices in a short period of time.

What makes this botnet concerning is how sophisticated it is. Unlike the Mirai botnet which used default device passwords to spread, Reaper has the ability to crack passwords and exploit other vulnerabilities in order to infect devices.

Reaper has not begun spreading any malicious traffic as of yet, but it does have the potential to trigger DDoS attacks among the internet.

We wanted to discuss the impact of malware on IoT devices because once again, the malware in the news is reported to have infected IP cameras made by AVTech Taiwan, a company that shares part of our name but has no other relation to us. AVTECH Software, Inc. does not manufacture any IP cameras, however our Room Alert monitors do exist in the IoT space.

Reaper and Room Alert’s Security 

As we noted last year when the Mirai botnet began to make news, AVTECH takes several security precautions when it comes to securing and protecting our hardware, software, and devices.

Room Alert is firmly within the IoT sphere, as it’s designed to send alerts and notifications to users based on the environment factors it’s monitoring. Room Alert can also take automatic corrective action based on those alerts, such as turning on a water pump or fan if certain environment triggers are set up.

It’s important to note that although Room Alert is considered an IoT device, we’ve taken a good number of steps to help protect the security of our devices and our customers.

Purpose Built Firmware in Room Alert

Room Alert’s firmware is purpose built, which means that it’s specifically designed for Room Alert devices. One major security flaw with some IoT devices is tied into the firmware and software the devices run, as we’ve seen with other botnets such as Mirai last year. When IoT devices run common Linux operating system versions, or commonly used utilities such as Busybox, it’s easier to find ways to manipulate those devices from the outside. Room Alert runs a very specific firmware that’s set up to only provide the functions the devices need to monitor and report – that’s it. Room Alert does not run any embedded Linux.

Secure Monitoring with RoomAlert.com

Our Room Alert Account platform offers our customers an easy and secure way to monitor and manage Room Alert. Users can see their devices, reports, alerts, and data directly within their Room Alert Account from any internet-connected device. Those reports and data are pushed directly to RoomAlert.com from their Room Alert monitor; your Room Alert Account does not push any data back to Room Alert monitors.

Since traffic is only one way, from Room Alert monitors on the customer’s network to RoomAlert.com, there’s no need for users to open ports on their local firewalls or modify security protections. Traffic doesn’t need to get in when customers use RoomAlert.com, and users don’t need to worry about those additional open firewall ports adding additional potential points of entry from malicious traffic.

Room Alert Doesn’t Use Universal Plug and Play

Universal Plug and Play, commonly referred to as UPnP, is a protocol that’s widely used in internet-connected devices to make them easy to set up, and also allows them to discover other devices on their local networks to “talk to”. This protocol has been identified as a major vulnerability when it comes to outside malicious traffic, and has been recommended to be disabled in many instances.

Room Alert does not use UPnP to connect itself to other local network devices or RoomAlert.com for remote monitoring. Again, as we noted above Room Alert monitors use custom firmware and are designed to provide one-way traffic to our RoomAlert.com platform, the preferred way to monitor your Room Alert monitors. By not using UPnP, we’ve removed one major way IoT devices can be exploited by malicious users and traffic.

Heightened Security in the Age of IoT

Room Alert users around the world should rest assured that their environment monitors are strongly protected against intrusion or infection from outside sources. AVTECH Software, Inc. has always had an eye on security when designing Room Alert monitors, Device ManageR, and RoomAlert.com. We try to be as proactive as possible when it comes to ensuring user security, and have always done so.

If you find yourself the user of any of the affected manufacturers such as Linksys, Dlink, AVTech Taiwan, and others, please take a few moments to research the security updates that may be available for your devices. Many manufacturers have already started releasing updates that address the vulnerabilities.

Thanks to the design features noted above, AVTECH’s Room Alert is not one of the IoT devices potentially affected by Reaper. This does not mean that you should neglect other devices on your network, however. Always be proactive with your security, just as you are with your environment monitoring. Protect yourselves against intrusion, hacking, and environment-caused downtime, and your organization will enjoy increased uptime and productivity.

Note: The former GoToMyDevices online monitoring and management platform was migrated into RoomAlert.com in December 2017. For more information, please see our announcement article and FAQ

Room Alert is Made in the USA, ships worldwide from our locations in the US and EU, and has been protecting facilities since 1988.

You may find Windows Command Prompt at the following path:

  • Windows 7 & 8
    Start--> All Programs--> Accessories--> Command Prompt
  • Windows 10
    Start--> All Apps--> Windows System--> Command Prompt

To run Windows Command Prompt as an administrator:

  • Windows 7 & 8
    Right-click on Command Prompt and select Run as administrator.
  • Windows 10
    Right-click on Command Prompt, select More and then select Run as administrator.

Example Polling Method Properties saved in Orion SolarWinds:

If you are using this client, you should configure the general SNMPv3 Credentials, but leave the Read / Write SNMPv3 Credentials section blank.

Room Alert Link- Supported Firmware Updates

Current S modelsCurrent E models
Room Alert 32SRoom Alert 32E
Room Alert 12SRoom Alert 12E
Room Alert 4E
Room Alert 3E

Room Alert Manager - Compatible Devices

The latest version of Room Alert Manager supports only the devices below.

It does not support any legacy Room Alert or TemPageR models.

Current S modelsCurrent E models
Room Alert 32SRoom Alert 32E
Room Alert 12SRoom Alert 12E
Room Alert 3SRoom Alert 4E
Room Alert 3E
Room Alert 3W