Hackers don’t attack blindly, and they always rely upon the one piece of information they know it’s going to help. People are behind all IoT devices, and people make mistakes. One of the most common mistakes is never changing the default passwords or choosing weak ones. By using Bitdefender’s telemetry, we take a closer look at what are the most common credentials criminals use when trying to compromise IoT devices.
Many people buy or set up various IoT devices in their homes and they either don’t bother changing the default access credentials or choose something simple that can be entered quickly. Routers are particularly susceptible to this practice, and they are especially vulnerable because they’re also home “guardians,” often lording over entire networks of other IoT devices.
People’s poor cybersecurity practices are well known in the industry, but criminals also use this information. So, when they develop malware and scanners capable of compromising IoT devices, they often use some of these bad habits against users.
Bitdefender is in a unique position to see what attackers actually do when trying to compromise a device. They will often deploy dictionary attacks, using a list of common usernames and passwords that might fit, knowing there’s a good chance the victims failed to change them.
Bitdefender sets up a network of honeypots that mirror real hardware criminals will find in the wild. This hardware is carefully monitored and allows security researchers to follow every step a hacker takes during the attack, including credentials.
Telnet honeypots
The Telnet protocol has been around for many years, and it’s still in use today, although some companies have started to phase it out. It has serious security issues, and it shouldn’t remain open when not in use. Making matters worse, some manufacturers enable it by default in devices, making them vulnerable to attacks.
Some of the credentials in the following list reflect the targeted hardware, revealing default usernames and passwords and some poor user choices. Also, some of the password entries are empty because users sometimes disable the password.
|
Usernames
|
Passwords
|
|
admin
|
CenturyL1nk
|
|
root
|
xc3511
|
|
admin
|
admin
|
|
root
|
Zte521
|
|
root
|
root
|
|
root
|
Pon521
|
|
default
|
default
|
|
admin
|
|
|
root
|
admin
|
|
root
|
vizxv
|
|
support
|
support
|
|
root
|
|
|
root
|
123456
|
|
guest
|
guest
|
|
admin
|
1234
|
|
root
|
default
|
|
guest
|
12345
|
|
default
|
S2fGqNFs
|
|
default
|
OxhlwSG8
|
|
default
|
|
SSH honeypots
Even if SSH is considered more secure than Telnet, weak or default passwords remain a problem. While the communication through SSH is encrypted, it doesn’t really help if the attacker can guess the credentials.
Some of you will likely recognize the default credentials in the following list because some known manufacturers implement them. SSH is the preferred way of accessing remote devices, but users will sometimes use the default credentials.
|
Usernames
|
Passwords
|
|
nproc
|
nproc
|
|
knockknockwhosthere
|
knockknockwhosthere
|
|
admin
|
admin
|
|
pi
|
raspberry
|
|
root
|
root
|
|
pi
|
raspberryraspberry993311
|
|
root
|
admin
|
|
user
|
user
|
|
support
|
support
|
|
admin
|
password
|
|
admin
|
|
|
root
|
123456
|
|
ubnt
|
ubnt
|
|
admin
|
7ujMko0admin
|
|
root
|
1234
|
|
guest
|
guest
|
|
root
|
password
|
|
admin
|
1234
|
|
0
|
0
|
|
0101
|
0101
|
Generic IoT devices
People can access some of the IoT devices through web interfaces, not just Telnet or SSH. Of course, attackers will also attempt to compromise those devices and follow the same practices by trying combinations of default credentials or weak passwords.
|
Usernames
|
Passwords
|
|
admin
|
admin
|
|
superadmin
|
!@HuaweiHgw
|
|
user
|
user
|
|
user
|
@User1234
|
|
root
|
root
|
|
admin
|
password
|
|
admin
|
admin123
|
|
admin
|
123456
|
|
draytek
|
1234
|
|
Polycom
|
456
|
|
admin
|
Bz0NAG49
|
|
admin
|
superpass
|
|
admin
|
qP9Yh1ELd9
|
|
admin
|
qwerty
|
|
admin
|
password123
|
Best practices
If there were ever a time to change the default credentials of your IoT devices, it would be now. Bitdefender’s telemetry shows what credentials attackers attempt in their malicious campaigns. Many of their efforts to compromise devices would be thwarted by simply changing the default usernames and passwords or by improving the existing passwords.
Of course, having an ISP that looks over its customers by deploying the Bitdefender IoT Security Platform in their routers also helps. Security embedded in the router does wonders for networks, blocking attacks and advising users of vulnerabilities present in their smart homes.