
Thousands of IoT Devices Impacted by Published Credentials List

Over 1,700 Internet of Things (IoT) devices worldwide are potentially exposed to hackers after a list containing their IPs and default login credentials emerged on

Initially published in June, the list remained mostly unnoticed until last week, after high-profile security researchers retweeted a link to it. The view count for the list had stayed below 1,000 as of Thursday, August 24, but spiked above the 22,000 mark on Saturday.

The list has been updated several times since the initial post and contained over 33,000 entries at the end of last week, when it was removed from the website. For each of the 33,138 IPs on the list, Telnet credentials (username and password) were included.

After having a look at the list, Victor Gevers, chairman of the GDI Foundation, revealed that it only contained 8,233 unique IP addresses, as many entries were duplicates. He also noted that about 2,174 of the devices were still running open Telnet services, and that only around 1,775 of them could still be accessed using the credentials on that list.

Some of the insecure credentials exposed in the list include username/password pairs such as root:[blank], admin:admin, root:root, and admin:default. Such pairs have previously been shown to put a great many devices and users at risk.
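An added example, not part of the original article: a network operator who obtains such a list can deduplicate it, as Gevers did, and check which entries fall inside its own address space and use the default pairs named above. The `ip:port user:password` layout, the prefixes and every sample entry are constructed assumptions; the addresses come from the RFC 5737 documentation ranges.

```python
import ipaddress
from collections import Counter

# Default pairs named in the article; "" stands for the blank password.
KNOWN_DEFAULTS = {("root", ""), ("admin", "admin"), ("root", "root"), ("admin", "default")}

# Constructed sample in an assumed "ip:port user:password" layout.
SAMPLE_LIST = """\
192.0.2.10:23 root:
192.0.2.10:23 root:
198.51.100.7:23 admin:admin
203.0.113.5:23 admin:default
203.0.113.5:23 root:root
198.51.100.99:23 support:s3rvice
not-an-entry
"""

def parse_entries(text):
    """Yield (ip, user, password) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        try:
            endpoint, cred = line.split()
            host, _port = endpoint.rsplit(":", 1)
            user, password = cred.split(":", 1)
            yield ipaddress.ip_address(host), user, password
        except ValueError:
            continue  # wrong field count or unparsable address

def triage(text, own_prefixes):
    """Summarise a list and pick out the entries inside our own prefixes."""
    nets = [ipaddress.ip_network(p) for p in own_prefixes]
    entries = list(parse_entries(text))
    unique = set(entries)  # drops exact duplicate lines
    ours = {e for e in unique if any(e[0] in n for n in nets)}
    return {
        "entries": len(entries),
        "unique_ips": len({ip for ip, _, _ in unique}),
        "pairs": Counter((u, p) for _, u, p in unique),
        "ours": sorted(ours, key=lambda e: (int(e[0]), e[1])),
        "ours_default": sorted({str(ip) for ip, u, p in ours
                                if (u, p) in KNOWN_DEFAULTS}),
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LIST, ["203.0.113.0/24", "198.51.100.0/25"])
    print(report["entries"], "entries,", report["unique_ips"], "unique IPs")
    for ip, user, password in report["ours"]:
        print("notify owner:", ip, user, repr(password))
```

Hosts reported under `ours_default` are the ones to prioritise for a credential change and for closing Telnet.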

Over the past several days, Gevers has been hard at work notifying impacted owners or ISPs of the exposed devices, most of which are routers. So far, he has sent over 2,000 emails to affected parties and is happy with the response received, Gevers told SecurityWeek on Monday morning. Over half of the reachable IPs are located in China.

“We got some nice feedback from a few ISPs because we wrote the warning emails in a way that they only need to forward them to their customers. From 2,174 reported devices 113 were directly identifiable to owners. The others we addressed to the ISPs with a request to forward our mail to their customers. In Asia we asked the GovCERTs for help getting this to the right person,” Gevers said.

He also revealed that some of the IPs were honeypots, and that the organizations operating them have already contacted him on the matter. A newly performed scan has revealed some changes in the number of devices running Telnet services. Some of the devices have closed the vulnerable ports, while others opened them.

The issue of improperly secured IoT devices is not new, as botnets such as Mirai and BASHLITE have been harnessing the power of such devices to launch massive distributed denial of service (DDoS) attacks.

According to Gevers, however, the response received to the warnings sent over the past week was encouraging: “People are taking action. We saw some devices being secured on Sunday morning, others on Saturday evening. Before, an email sent on Friday afternoon wouldn’t receive a response until Monday, at best.”

What Gevers couldn’t reveal was the number of devices still impacted. The scan was ongoing at the time of this article.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
