securitybreach Posted January 19, 2020 Share Posted January 19, 2020 Quote A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet. According to experts to who ZDNet spoke this week, and a statement from the leaker himself, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker than tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. These types of lists -- called "bot lists" -- are a common component of an IoT botnet operation. Hackers scan the internet to build bot lists, and then use them to connect to the devices and install malware. These lists are usually kept private, although some have leaked online in the past, such as a list of 33,000 home router Telnet credentials that leaked in August 2017. To our knowledge, this marks the biggest leak of Telnet passwords known to date............... https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/ 2 Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted January 19, 2020 Share Posted January 19, 2020 Weeeeeeeeeee! What fun! 1 Quote Link to comment Share on other sites More sharing options...
ebrke Posted January 19, 2020 Share Posted January 19, 2020 I really am not a luddite (I hope), but it seems to me that 95% of the devices now being sold with internet connectivity don't need it or shouldn't have it. Result is people who don't know how to properly handle security for the devices get in trouble and sue the manufacturer. It's a very rare that my sympathy is with the manufacturer, but in these cases it usually is. I try not to be judgmental, but people who put an internet enabled camera in their child's room are begging for a bad outcome if they're not smart enough to recognize their limitations with technology. Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted January 19, 2020 Share Posted January 19, 2020 Yeah, it's bad enough that the NSA has video (from your IoT fridge) on their servers of you sneaking into the kitchen at night in your underwear to swipe that last piece of chocolate meringue pie your spouse was saving for lunch tomorrow. 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted January 19, 2020 Author Share Posted January 19, 2020 Its just like it was in 80s-mid 90s of computing, security hasn't caught up with the technology yet. There is no such thing as security on LoT devices yet. 1 Quote Link to comment Share on other sites More sharing options...
Robert Posted January 19, 2020 Share Posted January 19, 2020 My router allows you to make Virtual Lans so I made one for the TVs and Blu-Ray player, and a second for the video security system. Hopefully this is enough extra security to protect my computer. Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted January 19, 2020 Share Posted January 19, 2020 It's not your computer you need to protect. It's your PRIVACY. 1 Quote Link to comment Share on other sites More sharing options...
lock3M Posted April 17, 2020 Share Posted April 17, 2020 On 1/19/2020 at 11:25 PM, ebrke said: I really am not a luddite (I hope), but it seems to me that 95% of the devices now being sold with internet connectivity don't need it or shouldn't have it. Result is people who don't know how to properly handle security for the devices get in trouble and sue the manufacturer. It's a very rare that my sympathy is with the manufacturer, but in these cases it usually is. I try not to be judgmental, but people who put an internet enabled camera in their child's room are begging for a bad outcome if they're not smart enough to recognize their limitations with technology. Seriously, I know a family who installed internet enabled cameras through their whole property, outside/inside almost every corner of the house, you can watch by connecting to it. When me and a few of my friend went there for an "opening" party, just to congratulate them with their first finished home, my friend who is a developer, got inside the cameras on his phone in 5 minutes. Cameras were not password protected and their WiFi was extremely easy to crack for him. Good thing he was the one who did it, because I don't want to even think of the consensuses. Another thing I can't understand, is the gps systems in peoples watches and then they get angry for companies logging their physical travelling habits like google does. There are literally hundreds of alternatives, but internet access is somehow so welcomed in every device 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted April 17, 2020 Author Share Posted April 17, 2020 Well we are back into the same thing that was occurring in the early days of computing. Once again, we have a gap between technology and security. These IoT devices were sold without any security in place and that is why they are getting attacked. Until companies start securing the devices before they are sold, this will continue to be more of an issue. There is no such thing as antivirus, malware blocker, firewall, etc. on these embedded devices. Luckily most run an embedded linux kernel but the rest of the systems are vulnerable to attacks. Heck, all of the new vehicles are connected to the internet as well. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.