Wikipedia defines Internet of Things as:
Image by: Wikipedia
The Internet of things (IoT) is the inter-networking of physical devices, vehicles (also referred to as “connected devices” and “smart devices”), buildings, and other items embedded with electronics, software, sensors, actuators, and network connectivity which enable these objects to collect and exchange data.
It’s basically any object that is connected to the internet. It can be anything from your smart phone, your fitbit, your CCTV Camera, DVR, or your home wi-fi router.
Most of the owners don’t bother changing the default username and passwords. In in many cases, default usernames and passwords are just too easy to guess. The most common ones are admin:admin, admin:password, admin/<blank>, admin:0000, user:user, root:12345 and support:support
This well-known vulnerability has become an easy target for exploitation. Millions of devices has become susceptible to attack where attackers can easily gain access to these devices and add them to a botnet of IoT equipment which can serve as an instrument for a DDOS (Distributed-Denial-Of-Service) on a particular victim network.
Mirai Botnet scans on port 23/2323 and 7547* and uses a brute force technique for guessing passwords based on the following list:
- root xc3511
root vizxv
root admin
admin admin
root 888888
root xmhdipc
root default
root juantech
root 123456
root 54321
support support
root (none)
admin password
root root
root 12345
user user
admin (none)
root pass
admin admin1234
root 1111
admin smcadmin
admin 1111
root 666666
root password
root 1234
root klv123
Administrator admin
service service
supervisor supervisor
guest guest
guest 12345
guest 12345
admin1 password
administrator 1234
666666 666666
888888 888888
ubnt ubnt
root klv1234
root Zte521
root hi3518
root jvbzd
root anko
root zlxx.
root 7ujMko0vizxv
root 7ujMko0admin
root system
root ikwb
root dreambox
root user
root realtek
root 00000000
admin 1111111
admin 1234
admin 12345
admin 54321
admin 123456
admin 7ujMko0admin
admin 1234
admin pass
admin meinsm
tech tech
mother f**er [censored]
On port TCP 7547* – i find a lot of instance of home and business-grade modems has this port open, I once talked to an Australian ISP and they themselves are unable to tell me exactly what this port is used for, or why are they open. The easiest excuse they told me is this port is “reserved” for remote management. Which by that purpose itself is a dangerous vulnerability. 😦 The option they gave us to mitigate the vulnerability was to replace that basic modem with a commercial-grade firewall that will shouldered by the customer.
However, once Mirai gain access to the device, the botnet code is not store on the device and can be purged once the infected device is restarted. Well, that’s good news, atleast. But, a more resilient and robust IoT botnet n the coming months can be expected with the rise of popularity and widespread use of IoT and lack of awareness for its users getting rid of the default usernames and to secure the credentials which include setting a stronger passwords.
marktugbo.com 