Thousands of IoT Devices Impacted by Published Credentials List

Over 1,700 Internet of Things (IoT) devices worldwide are potentially exposed to hackers after a list containing their IPs and default login credentials emerged on Pastebin.com.

Initially published in June, the list remained mostly unnoticed until last week, after high-profile security researchers retweeted a link to it. The view count for the list had stayed below 1,000 as of Thursday, August 24, but spiked above the 22,000 mark on Saturday.

The list has been updated several times since the initial post and contained over 33,000 entries at the end of last week, when it was removed from the website. For each of the 33,138 IPs on the list, Telnet credentials (username and password) were included.

After having a look at the list, Victor Gevers, chairman of the GDI Foundation, revealed that it only contained 8,233 unique IP addresses, as many entries were duplicates. He also noted that about 2,174 of the devices were still running open Telnet services, and that only around 1,775 of them could still be accessed using the credentials on that list.

The insecure credentials exposed in the list include username/password pairs such as root:[blank], admin:admin, root:root, and admin:default. Such credentials have previously been shown to put a great many devices and users at risk.

Over the past several days, Gevers has been hard at work notifying impacted owners or ISPs of the exposed devices, most of which are routers. So far, he has sent over 2,000 emails to affected parties and is happy with the response received, Gevers told SecurityWeek on Monday morning. Over half of the reachable IPs are located in China.

“We got some nice feedback from a few ISPs because we wrote the warning emails in a way that they only need to forward them to their customers. From 2,174 reported devices, 113 were directly identifiable to owners. The others we addressed to the ISPs with a request to forward our mail to their customers. In Asia we asked the GovCERTs for help getting this to the right person,” Gevers said.

He also revealed that some of the IPs were honeypots, and that the organizations operating them have already contacted him on the matter. A newly performed scan has revealed some changes in the number of devices running Telnet services. Some of the devices have closed the vulnerable ports, while others opened them.

The issue of improperly secured IoT devices is not new, as botnets such as Mirai and BASHLITE have been harnessing the power of such devices to launch massive distributed denial of service (DDoS) attacks.

According to Gevers, however, the response to the warnings sent over the past week was encouraging: “People are taking action. We saw some devices being secured on Sunday morning, others on Saturday evening. Before, an email sent on Friday afternoon wouldn’t receive a response until Monday, at best.”

What Gevers couldn’t reveal was the number of devices still impacted. The scan was ongoing at the time of this article.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
