Jump to content
securitybreach

Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

Recommended Posts

securitybreach
Quote

 

A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices.

 

The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.

 

According to experts to who ZDNet spoke this week, and a statement from the leaker himself, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker than tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.

These types of lists -- called "bot lists" -- are a common component of an IoT botnet operation. Hackers scan the internet to build bot lists, and then use them to connect to the devices and install malware.

 

These lists are usually kept private, although some have leaked online in the past, such as a list of 33,000 home router Telnet credentials that leaked in August 2017. To our knowledge, this marks the biggest leak of Telnet passwords known to date...............

 

 

 

https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/

  • Thanks 2

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Weeeeeeeeeee! What fun!

  • Like 1

Share this post


Link to post
Share on other sites
ebrke

I really am not a luddite (I hope), but it seems to me that 95% of the devices now being sold with internet connectivity don't need it or shouldn't have it. Result is people who don't know how to properly handle security for the devices get in trouble and sue the manufacturer. It's a very rare that my sympathy is with the manufacturer, but in these cases it usually is. I try not to be judgmental, but people who put an internet enabled camera in their child's room are begging for a bad outcome if they're not smart enough to recognize their limitations with technology.

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Yeah, it's bad enough that the NSA has video (from your IoT fridge) on their servers of you sneaking into the kitchen at night in your underwear to swipe that last piece of chocolate meringue pie your spouse was saving for lunch tomorrow. ;)

  • Haha 1

Share this post


Link to post
Share on other sites
securitybreach

Its just like it was in 80s-mid 90s of computing, security hasn't caught up with the technology yet. There is no such thing as security on LoT devices yet.

  • Like 1

Share this post


Link to post
Share on other sites
Robert

My router allows you to make Virtual Lans so I made one for the TVs and Blu-Ray player, and a second for the video security system. Hopefully this is enough extra security to protect my computer.

Share this post


Link to post
Share on other sites
V.T. Eric Layton

It's not your computer you need to protect. It's your PRIVACY.

  • Like 1

Share this post


Link to post
Share on other sites
lock3M
On 1/19/2020 at 11:25 PM, ebrke said:

I really am not a luddite (I hope), but it seems to me that 95% of the devices now being sold with internet connectivity don't need it or shouldn't have it. Result is people who don't know how to properly handle security for the devices get in trouble and sue the manufacturer. It's a very rare that my sympathy is with the manufacturer, but in these cases it usually is. I try not to be judgmental, but people who put an internet enabled camera in their child's room are begging for a bad outcome if they're not smart enough to recognize their limitations with technology.

Seriously, I know a family who installed internet enabled cameras through their whole property, outside/inside almost every corner of the house, you can watch by connecting to it. When me and a few of my friend went there for an "opening" party, just to congratulate them with their first finished home, my friend who is a developer, got inside the cameras on his phone in 5 minutes. Cameras were not password protected and their WiFi was extremely easy to crack for him. Good thing he was the one who did it, because I don't want to even think of the consensuses. Another thing I can't understand, is the gps systems in peoples watches and then they get angry for companies logging their physical travelling habits like google does. There are literally hundreds of alternatives, but internet access is somehow so welcomed in every device 

  • Agree 1

Share this post


Link to post
Share on other sites
securitybreach

Well we are back into the same thing that was occurring in the early days of computing. Once again, we have a gap between technology and security. These IoT devices were sold without any security in place and that is why they are getting attacked. Until companies start securing the devices before they are sold, this will continue to be more of an issue. There is no such thing as antivirus, malware blocker, firewall, etc. on these embedded devices. Luckily most run an embedded linux kernel but the rest of the systems are vulnerable to attacks.

 

Heck, all of the new vehicles are connected to the internet as well.

  • Agree 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...