Language: rus ukr eng


Monday, 16 June
Mobile version  | RSS
News Ukraine Russia Peace Business Society Artistic and Culture Sports Policy PE Science and Health Photo Report Video

The network has leaked passwords to create an effective botnet

31 August 2017, 11:24 | Technologies
photo InternetUA
Text Size:

Factory logins and passwords, as well as IP addresses of thousands of vulnerable devices related to the Internet of things were published by unknown people on Pastebin. Com. Although the publication itself took place in June, it was noticed only last week.

Harnessing a botnet.

On the network resource Pastebin were laid out the factory logins and passwords to thousands of Internet devices things, as well as IP-addresses of specific equipment. The publication was discovered by several well-known researchers in the field of information security.

In total, the list listed pre-installed Telnet-logins and passwords to more than 1,700 models of various "smart" devices, and more than 33 thousand. IP Addresses.

After examining the list, Victor Gevers, the head of GDI Foundation, discovered that in reality only 8233 IP-addresses were unique, the rest was accounted for by duplicates. At the same time more than 2170 devices were still open for access through Telnet, and 1775 of them were accessible through factory logins and passwords.

Jevers has been sending emails to vulnerable device owners since last week, most of which turned out to be routers, and providers whose networks these devices were identified with. More than 2 thousand. Letters, and Jawers said that he was pleased with the subsequent reaction: the settings of many devices changed.

Remarkably, some of these open routers were "traps" (honeypots), set up specifically for intruders. But not all.

A drop in the sea.

"The list discovered is certainly a drop in the bucket," says Georgy Lagoda, CEO of SEC Consult Services. "There are billions of IoT devices in the world, and the idea of ??changing preinstalled passwords for users is still not very popular. In addition to changing passwords, it is superfluous to check such devices for resistance to burglary. For this, there are special software solutions, such as, for example, IoT Inspector (iot-inspector. Com) ».

Lagoda also noted that incomplete two thousand vulnerable devices can easily be turned into an effective botnet. Fortunately, this time it was possible to avoid.



Security experts have been worrying for several years about the level of security of Internet devices of things: their software shells are full of vulnerabilities, and factory logins and passwords too often remain unchanged.

Last year, the Mirai botnet, consisting of such devices, was used to implement a powerful DDoS attack. The damage was significant, but on the other hand the issue of Internet security of things attracted everyone's attention.




Add a comment
:D :lol: :-) ;-) 8) :-| :-* :oops: :sad: :cry: :o :-? :-x :eek: :zzz :P :roll: :sigh:
 Enter the correct answer 
News archive "Technologies"
Ad
Теплее всего
в  Украина  |  Россия  |  Все
© 2009 - 2025 NewsMe. All rights reserved.
The site administration is not responsible for information what put in, as well as its reliability. Use material NewsMe permitted only for reference (for internet issues - hyperlinks) on NewsMe.com.ua.

Наши проекты: