While searching for new smart device threats an Avira honeypot has discovered a password even more insecure than “admin” or “12345”.
“The most commonly used credential is blank, which means that the attackers just enter an empty username and password. This is even more common than admin,” explained Avira threat analyst Hamidreza Ebtehaj in a blog post.
In this case, credentials are a two-part combination of the username and password hackers enter into the company’s smart device honeypot while attacking it. Attacks with blank or empty credential slots made up 25.6 percent of all credentials entered and vastly outnumber the other top username and password combinations.
Blank credentials even exceeded other default IoT credentials such as “admin/QWestModem” and admin/airlive” (24%) and the collection of general default credentials (23.4%) such as “admin/admin”, “support/support” and “root/root”.
Avira’s research also found that the top credential pairs were “root/xc3511” and “default/S2fGqNFs” as they belong to two internet connected web cams which are available under a number of different names.
Smart device security
The honeypot set up by Avira mimics the features and behaviors of connected devices such as routers and smart IoT devices in an effort to draw in hackers. As the honeypot makes itself visible and seemingly vulnerable online, it uses the Telnet, Secure Shell and Android Debug Bridge protocols which are most commonly used with smart devices.
Smart device attacks are made up of two largely automated phases. During the first phase a target is selected and this is done by IP/port scanning. The second phase is when the hackers work to infect the identified device and here Avira’s honeypot plays a critical role. In addition to recording the credentials used by hackers during the attack, the honeypot also collects data on infection vectors, malicious scripts and malware.
While smart devices are often criticized for their insecurity and the fact that many users do not change their default passwords, Hamidreza explained that much of the blame rests on device manufacturers and developers, saying:
“Common users have no knowledge of these protocols and they are not even aware that their devices might be accessible by hackers. We can’t expect users to log into a terminal and change the configuration of the protocols they have not even heard of.”
To avoid falling victim to a smart device attack, Avira recommends doing a search online for any reported potential vulnerabilities in a device before purchasing it, checking devices for firmware updates to patch any known vulnerabilities or issues and scanning your network for open ports that could be inviting hackers in.