India- A hacker leaked passwords of over 5 lakh IoT devices


(MENAFN- NewsBytes) With the rise of internet-connected devices, from phones and televisions to 'smart' lights, hackers now have new targets to breach into people's homes, harass them in horrifying ways.

There have been numerous IoT hacks lately and the number could rise further as a hacker has leaked the passwords of more than half a million smart gadgets, including servers, routers, and smart-home devices.

Here's more.

Details Telnet credentials for servers, IoT devices exposed
India- A hacker leaked passwords of over 5 lakh IoT devices Image

The hacker posted credentials stolen from over 515,000 devices on a hacker forum.

According to ZDNet , the list included each device's IP address as well as the username and password for its telnet service, the network protocol used to access and control a device over the internet.

Basically, telnet ports allow remote control of devices over the internet or LAN.

Hack How the hacker got these credentials

In order to get hold of these credentials, the hacker scanned the entire internet and looked for devices exposing their telnet ports.

Then, after finding them, the person tried different techniques to predict their username-password combinations and compile the list.

Among various used methods, the hacker tried using default username-password combinations as well as some commonly used ones.

Risk Now, this puts all 515,000 devices at risk

The telnet username-passwords and their open availability on the internet puts all the 515,000 devices at risk.

This allows a malicious threat actor to use the passwords to break into telnet ports and control IoT devices, install the malware in them.

Imagine a hacker being able to control your home security camera, smart Android television or light bulbs. Scary!

Important Some credentials could be outdated now
India- A hacker leaked passwords of over 5 lakh IoT devices Image

While the authenticity of the leaked credentials has not been verified (as that requires logging in and breaking into devices), the date on the leaked list is from October-November.

This means that some of the devices might have moved to a different IP address or could be using a different username/password now.

Notably, ZDNet recently scanned the internet and found many vulnerable/misconfigured home/enterprise devices.

Information So, how to stay protected?

The ISPs and server owners hosting the vulnerable devices are being notified, but until they roll out security patches, users with IoT devices, routers are recommended to head over to the management portal of the device they have and change its factory-set, default password immediately.

MENAFN2101202001650000ID1099580304


NewsBytes

Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.