Skip to main content

Persistence in Linux-Based IoT Malware

Brierley, Calvin, Pont, Jamie, Arief, Budi, Barnes, David J., Hernandez-Castro, Julio C. (2021) Persistence in Linux-Based IoT Malware. In: Lecture Notes in Computer Science. Secure IT Systems. 12556. pp. 3-19. Springer E-ISBN 978-3-030-70852-8. (doi:10.1007/978-3-030-70852-8_1) (KAR id:84209)

PDF Author's Accepted Manuscript
Language: English
Download (995kB) Preview
[thumbnail of Persistence_in_IoT_Malware_Camera_Ready.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL:


The Internet of Things (IoT) is a rapidly growing collection of “smart” devices capable of communicating over the Internet. Being connected to the Internet brings new features and convenience, but it also poses new security threats, such as IoT malware. IoT malware has shown similar growth, making IoT devices highly vulnerable to remote compromise. However, most IoT malware variants do not exhibit the ability to gain persistence, as they typically lose control over the compromised device when the device is restarted. This paper investigates how persistence for various IoT devices can be implemented by attackers, such that they retain control even after the device has been rebooted. Having persistence would make it harder to remove IoT malware. We investigated methods that could be used by an attacker to gain persistence on a variety of IoT devices, and compiled the requirements and potential issues faced by these methods, in order to understand how best to combat this future threat. We successfully used these methods to gain persistence on four vulnerable IoT devices with differing designs, features and architectures. We also identified ways to counter them. This work highlights the enormous risk that persistence poses to potentially billions of IoT devices, and we hope our results and study will encourage manufacturers and developers to consider implementing our proposed countermeasures or create new techniques to combat this nascent threat.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1007/978-3-030-70852-8_1
Uncontrolled keywords: IoT · security · malware · persistence · attack · proof of concept
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Budi Arief
Date Deposited: 16 Nov 2020 11:34 UTC
Last Modified: 09 Dec 2022 06:24 UTC
Resource URI: (The current URI for this page, for reference purposes)
Pont, Jamie:
Arief, Budi:
Barnes, David J.:
Hernandez-Castro, Julio C.:
  • Depositors only (login required):


Downloads per month over past year