5.000 without Telnet password routers. Nothing to see here! go ahead!

Brazil ISP open routers Shodan

A Brazilian ISP seems to have deployed routers without a Telnet password to almost 5.000 customers, leaving open devices to abuse.

The devices were discovered by Ankit Anubhav, Principal Investigator of NewSky Security, a cyber security company specializing in security Internet of Things.

All exposed devices are routers that Datacom ISP – Oi Internet – provided to customers. Anubhav says it has identified three types of routers Datacom – DM991CR, DM706CR and DM991CS.

Enter ENTER to hack

Some devices had a Telnet password, but most allow anyone to alter signed in to the router and its configuration.

Brazil open routers

“This is not a problem with the device architecture, but a bad configuration of devices, since its telnet is exposed to the outside world without any challenge”, Anubhav disse to Bleeping Computer.

The researcher pointed to one of the router manual that suggests that the devices come with a Telnet service with no password by default, which means that users must set up one myself.

The Bleeping Computer tried to contact the Hi Internet, but they were greeted only by robots automated chat and staff who did not speak English. The NewSky Security told Bleeping Computer that notified the CERT Brazil on routers exposed, requesting that the local agency contact him the operator with their findings and present a solution to protect the exposed devices.

Take control of the devices is a piece of cake

Take these routers is very easy for attackers, they can write automated scripts that take advantage of the lack of a Telnet password to net routers exposed in a botnet.

“The IoT attacks can be simplified into three levels: Level 0 (device without authentication header), Level 1 (guessing a weak password / pattern) and Level 2 (using an IoT operation to gain access)”, explica Anubhav.

“Although IoT attackers are becoming more sophisticated with time, with NewSky Security seeing an increase in the level of attacks 2, We can also observe that the easiest attack vector (using a level of attack 0 for controlling a device authentication) It is still very relevant in 2018 , thanks to the owners exhibiting their devices without even set a password. ”

“Set a strong password and keep your updated IoT device limits the invaders to use a day brutality session zero or long, both options are not very profitable for most invaders, making the device safe”, He added the expert.

The Bleeping Computer refrained from sharing the Shodan search queries that expose these devices to give owners of devices and ISP longer to protect their devices.

 

Source: www.bleepingcomputer.com

Share Article:

Considered an invitation do introduced sufficient understood instrument it. Of decisively friendship in as collecting at. No affixed be husband ye females brother garrets proceed. Least child who seven happy yet balls young. Discovery sweetness principle discourse shameless bed one excellent. Sentiments of surrounded friendship dispatched connection is he. Me or produce besides hastily up as pleased.

Leave a Reply

Your email address will not be published. Required fields are marked *

Lillian Morgan

Endeavor bachelor but add eat pleasure doubtful sociable. Age forming covered you entered the examine. Blessing scarcely confined her contempt wondered shy.

Follow on Instagram

Recent Articles

  • All Post
  • Remote access
  • CCTV
  • electrical
  • electronics
  • Computing
  • English
  • Linux
  • News
  • Network
  • Safety
  • Telephony
  • Uncategorized
  • Windows

Dream Life in Paris

Questions explained agreeable preferred strangers too him her son. Set put shyness offices his females him distant.

Join the family!

Sign up for our newsletter.

You have been successfully registered! Ops! Something went wrong, please, try again.
Edit Template

© 2023 Created with Royal Elementor Addons