BACK

IoT Device Hack

Last week a hacker published an extensive list of Telnet credentials for more than 515,000 servers, home routers, and IoT smart devices being compromised. The list of credentials was published on a popular hacking forum, the list included each device’s IP address, along with a username and password for the Telnet service (Telnet is a …

  • 27 Jan 2020
  • DigitalXRAID
2 min read
IoT Device Hack

Last week a hacker published an extensive list of Telnet credentials for more than 515,000 servers, home routers, and IoT smart devices being compromised.

The list of credentials was published on a popular hacking forum, the list included each device’s IP address, along with a username and password for the Telnet service (Telnet is a remote access protocol that can be used to control devices over the internet).

The list was compiled by the attacker after scanning was conducted against the internet for devices that had the Telnet port globally accessible. The attacker was able to gain access to these devices by using factory-set default usernames and passwords, or custom, but easy-to-guess password combinations.

It is common practice for attackers to scan the internet for devices that can be compromised, these are often IoT devices as they often have weaker security than conventional internet connected devices. These devices are compiled into lists, known as “bot lists” and subsequently become compromised by malicious actors for use in further attacks.

In this case the attacker leaked the details of all these devices however some of the IP addresses may have since changed due to them not having static IP configurations.

In most cases these poorly configured devices are not evenly spread out across the internet but are instead clustered on the network of one single ISP. This is due to the ISP failing to further secure the device by disabling ports such as Telnet and not changing default passwords on the devices, this leaves them extremely vulnerable.

An attacker could use the IP addresses included in the lists, determine the service provider, and then re-scan the ISP’s network to update the list with the latest IP addresses allowing them to conduct further attacks.

How can you avoid being a victim?

When buying IoT devices you should always check if they have been tested for security. We see more and more devices coming into the market built for functionality and not security.

Another tip is to always change the default password, we recommend using a password manager that will create a strong password for you.

 

 

Blog Details
  • 27 Jan 2020
  • DigitalXRAID

Newest Articles.

View all
  • 29 Jun 20

    Why Councils Are Being Targeted By Hackers

    Read Article logo
  • 07 May 20

    How Managed Cyber Security Can Solve Your Problems

    Read Article logo

Get a Quote

Click below and we’ll send you a quote as soon as possible.

quote-form-pattern
  • This field is for validation purposes and should be left unchanged.

Contact Us

Click below and we’ll send you a quote as soon as possible.

quote-form-pattern
  • This field is for validation purposes and should be left unchanged.

Step 1 of 4 - Let’s get started

  • Thanks for your interest in working with us. Please complete the details below and we’ll get back to you as soon as possible.
Close ×
price-popup-pattern
Close ×
price-popup-pattern
Close ×

Step 1 of 3

  • Cyber Essentials Basic Pass Guarantee - £950

    Your Details

price-popup-pattern
Close ×

Step 1 of 3

  • Cyber Essentials Basic Pay Monthly - £79 pcm

    Your Details

price-popup-pattern
Close ×

Step 1 of 2

  • Cyber Essentials Plus - Get a Quote

    Your Details

price-popup-pattern
Close ×

Get In Touch

  • This field is for validation purposes and should be left unchanged.
price-popup-pattern
Close ×

Get A Quote

  • This field is for validation purposes and should be left unchanged.
price-popup-pattern
Close ×
price-popup-pattern

Buy Cyber Essentials

price-popup-pattern