List of thousands of wide-open IoT devices leaked

By

Telnet open, responding to default credentials.

A list containing internet protocol (IP) addresses for thousands of devices allowing full access has been published, sparking fears of a new denial of service botnet.

List of thousands of wide-open IoT devices leaked

Security researcher Ray Watson tweeted the discovery of the list. It initially appeared to lead to some 33,000 devices running the clear-text telnet remote access service, allowing log-ins with default credentials such as admin/admin, or no authentication.

Another security researcher, Victor Gevers of the GDI Foundation, sorted the list and found it only contained 8233 unique IP addresses.

After further analysis, Gevers found that 1775 of the IP addresses on the list responded to telnet connections.

Most of the devices are China and other Asian countries.

Gevers told iTnews providers are alerting users that they are running systems open to abuse and closing down access.

The Pastebin account that published the list of open systems also contained scripts with names such as "Mirai Bots", indicating that it was compiled for malicious purposes.

Botnets created with malware such as Mirai have been used to cause widespread outages through denial of service attacks, by commandeering internet of things devices such as networked cameras.

Pastebin has since removed the list, but not before it was viewed more than 20,000 times.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Melbourne dev finds gift card PINs can be brute-forced

Melbourne dev finds gift card PINs can be brute-forced

"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Western Sydney University targets file-sharing sites hosting stolen data

Western Sydney University targets file-sharing sites hosting stolen data

Log In

  |  Forgot your password?