Jump to content

Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

securitybreach

By securitybreach
in Security & Networking

 Share

Recommended Posts

securitybreach

securitybreach

Posted
Posted
Quote

 

A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices.

 

The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.

 

According to experts to who ZDNet spoke this week, and a statement from the leaker himself, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker than tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.

These types of lists -- called "bot lists" -- are a common component of an IoT botnet operation. Hackers scan the internet to build bot lists, and then use them to connect to the devices and install malware.

 

These lists are usually kept private, although some have leaked online in the past, such as a list of 33,000 home router Telnet credentials that leaked in August 2017. To our knowledge, this marks the biggest leak of Telnet passwords known to date...............

 

 

 

https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/

  • Thanks 2
Link to comment
Share on other sites
ebrke

ebrke

Posted
Posted

I really am not a luddite (I hope), but it seems to me that 95% of the devices now being sold with internet connectivity don't need it or shouldn't have it. Result is people who don't know how to properly handle security for the devices get in trouble and sue the manufacturer. It's a very rare that my sympathy is with the manufacturer, but in these cases it usually is. I try not to be judgmental, but people who put an internet enabled camera in their child's room are begging for a bad outcome if they're not smart enough to recognize their limitations with technology.

Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
Posted

Yeah, it's bad enough that the NSA has video (from your IoT fridge) on their servers of you sneaking into the kitchen at night in your underwear to swipe that last piece of chocolate meringue pie your spouse was saving for lunch tomorrow. ;)

  • Haha 1
Link to comment
Share on other sites
securitybreach

securitybreach

Posted
  • Author
Posted

Its just like it was in 80s-mid 90s of computing, security hasn't caught up with the technology yet. There is no such thing as security on LoT devices yet.

  • Like 1
Link to comment
Share on other sites
Robert

Robert

Posted
Posted

My router allows you to make Virtual Lans so I made one for the TVs and Blu-Ray player, and a second for the video security system. Hopefully this is enough extra security to protect my computer.

Link to comment
Share on other sites
  • 2 months later...
lock3M

lock3M

Posted
Posted
On 1/19/2020 at 11:25 PM, ebrke said:

I really am not a luddite (I hope), but it seems to me that 95% of the devices now being sold with internet connectivity don't need it or shouldn't have it. Result is people who don't know how to properly handle security for the devices get in trouble and sue the manufacturer. It's a very rare that my sympathy is with the manufacturer, but in these cases it usually is. I try not to be judgmental, but people who put an internet enabled camera in their child's room are begging for a bad outcome if they're not smart enough to recognize their limitations with technology.

Seriously, I know a family who installed internet enabled cameras through their whole property, outside/inside almost every corner of the house, you can watch by connecting to it. When me and a few of my friend went there for an "opening" party, just to congratulate them with their first finished home, my friend who is a developer, got inside the cameras on his phone in 5 minutes. Cameras were not password protected and their WiFi was extremely easy to crack for him. Good thing he was the one who did it, because I don't want to even think of the consensuses. Another thing I can't understand, is the gps systems in peoples watches and then they get angry for companies logging their physical travelling habits like google does. There are literally hundreds of alternatives, but internet access is somehow so welcomed in every device 

  • Agree 1
Link to comment
Share on other sites
securitybreach

securitybreach

Posted
  • Author
Posted

Well we are back into the same thing that was occurring in the early days of computing. Once again, we have a gap between technology and security. These IoT devices were sold without any security in place and that is why they are getting attacked. Until companies start securing the devices before they are sold, this will continue to be more of an issue. There is no such thing as antivirus, malware blocker, firewall, etc. on these embedded devices. Luckily most run an embedded linux kernel but the rest of the systems are vulnerable to attacks.

 

Heck, all of the new vehicles are connected to the internet as well.

  • Agree 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...