More than 33,000 IoT devices are at risk of being hacked after their Telnet credentials were posted online at Pastebin.com. In fact, the details have been on the site since June 11 but only came to light this week. The exposed information includes default login credentials and IP addresses.
The list had fewer than 1,000 views as of 24 August, but the count has risen sharply since researchers discovered it. By the time the list was removed from the site, the count had gone past 33,000. Telnet credentials (username and password) were made available for each of the IPs on this list.
Botnet herders can easily use these details to scale up their distributed denial-of-service (DDoS) attacks.
Victor Gevers, chairman of the GDI Foundation, examined the list and concluded that it contains about 8,233 unique IP addresses, while most of the other entries are duplicates. “Most of these devices still have open Telnet services,” he said. The majority of these can be accessed using the credentials on the list.
The insecure credentials made public on the list include username and password pairs such as root: admin: admin, admin: default, [blank] and root: root. These have placed many devices and users at greater risk.
Gevers has spent the better part of his time notifying impacted owners about the open devices, most of which are routers. He has dispatched over 2,000 emails to the affected families and is content with the response received.
China is the most affected, bearing about half of the reachable IPs.
“The feedback from a few ISPs has been commendable. We wrote these emails in such a manner that all they need to do is forward them to their customers. We also identified about 113 owners whom we contacted directly,” said Gevers.
He added that some of the IPs were linked to critical organizational data, and companies have contacted him over the matter. In some instances changes have been made to the devices, while in others the vulnerable ports have been shut down.
Insecure Internet of Things devices are not a new problem: botnets like BASHLITE and Mirai have over the years used the power of these devices to launch denial-of-service attacks.
“People have taken appropriate preventive measures ever since we issued warnings this week. More devices are being configured correctly to ensure their security is guaranteed. Earlier on, we would send an email and it took ages for a reply. The happenings right now are the complete opposite of what we thought would happen. That is really encouraging,” concluded Gevers.
He did not, however, reveal the exact number of devices that are currently impacted. Scanning is still ongoing.