Is the password on your internet-connected device a mere 123456 or admin? Keep your eyes peeled, then. You might fall prey to a destructive botnet attack. A list of Internet Protocol (IP) addresses with full login details has been made public. It appears to cover some 33000 IoT devices, exposing their Telnet credentials.
The exposed usernames and passwords could enable anyone to access your home router or your ‘Internet of Things’ devices.
The list of unsecured devices had remained obscure since June. It only went viral after a Twitter post by Ray Watson, a security researcher, on August 24. It had originally been put up on a Pastebin account.
Meanwhile, on Pastebin, someone posted 33,000 telnet credentials (yes, TELNET) for IoT devices. https://t.co/mHWaKXYtSj pic.twitter.com/z7Uvxcknl8
— Ray Watson (@rayjwatson) August 24, 2017
Victor Gevers, Chairman of the GDI Foundation, has corrected that figure and reported that the list contained only 8233 unique IP addresses. The security researcher, whose non-profit is based in the Netherlands, also found that out of the 8233, 2174 hosts still run open telnet services, and that 1774 of these active telnet services can be accessed with the leaked credentials.
Gevers also noted that the leaked information belongs mostly to users in China (61 percent), followed by other Asian countries.
From the 8,233 hosts about 2,174 are still running an open telnet services and some of them still accessible with the leaked credentials. pic.twitter.com/umbNhYwAGV
— Victor Gevers (@0xDUDE) August 25, 2017
He has further warned that these accessible systems are vulnerable to abuse, and that owners could be locked out of their own devices as well.
The 8233 IP addresses were found to use a mere 144 unique username and password combinations. Even among these, the vast majority were factory-default settings.
Security researcher Troy Hunt points out how this leak can make the current situation worse than ever. “There’s not much new about devices standing out there with default or weak credentials. However, a list such as we’re seeing on Pastebin makes a known bad situation much worse as it trivializes the effort involved in other people connecting to them. A man and his dog can now grab a readily available list and start owning those IPs.”
The Pastebin account also hosted scripts tagged as ‘Mirai Bots’ and ‘Bashlight’, which points to botnet activity. These botnets, known for denial-of-service attacks, can infect security cameras, modems, and other internet-connected devices.
The ready availability of these IP addresses puts any single device at risk of attack from multiple groups.
Although Pastebin has removed the dangerous list from the web, it had been viewed 20000 times before being taken down.
Security experts advise you to replace your default passwords with strong ones of 12 or more characters. Also, ensure that your devices run more trustworthy firmware. Moreover, you should change your passwords from time to time and keep up with the latest security updates.
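To apply that advice to your own devices, the following added example (not from the article or the researchers quoted in it) audits a device inventory for the three weaknesses the leak exposed: telnet left enabled, factory-default credentials, and passwords under 12 characters, plus the reuse of one credential pair across devices. The CSV layout, the list of default pairs, and all sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of factory-default pairs; extend it with the
# defaults documented by your own device vendors.
DEFAULT_PAIRS = {("admin", "admin"), ("root", "root"),
                 ("admin", "123456"), ("root", "123456")}
MIN_LENGTH = 12  # minimum password length advised in the article

# Constructed inventory: documentation-range IPs, made-up credentials.
SAMPLE_INVENTORY = """ip,telnet_enabled,username,password
192.0.2.10,yes,admin,admin
192.0.2.11,no,camera1,S7rong-Passphrase-2017
192.0.2.12,yes,operator,Tr1cky-Long-Secret
192.0.2.13,no,root,123456
192.0.2.14,no,root,123456
"""

def audit(inventory_csv):
    """Return {ip: [findings]} for every device with at least one finding."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    # Group devices by credential pair so reuse can be flagged.
    shared = defaultdict(list)
    for row in rows:
        shared[(row["username"], row["password"])].append(row["ip"])
    report = {}
    for row in rows:
        user, password = row["username"], row["password"]
        findings = []
        if row["telnet_enabled"].strip().lower() == "yes":
            findings.append("telnet enabled")
        if (user.lower(), password.lower()) in DEFAULT_PAIRS:
            findings.append("factory-default credentials")
        if len(password) < MIN_LENGTH:
            findings.append("password under 12 characters")
        if len(shared[(user, password)]) > 1:
            findings.append("credentials reused on another device")
        if findings:
            report[row["ip"]] = findings
    return report

if __name__ == "__main__":
    for ip, findings in audit(SAMPLE_INVENTORY).items():
        print(ip, "->", "; ".join(findings))
```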