Common Credentials Criminals Use in IoT Dictionary Attacks Revealed

Silviu STAHIE

November 30, 2021

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Common Credentials Criminals Use in IoT Dictionary Attacks Revealed

Hackers don’t attack blindly, and they always rely on the one piece of information they know will help. Behind all IoT devices are humans, and humans make mistakes. One of the most common mistakes is keeping default passwords or choosing weak ones. Bitdefender’s telemetry reveals the most common credentials criminals use when trying to compromise IoT devices.

Many people buy or set up IoT devices in their homes and either don’t bother changing the default access credentials or they choose something simple that can be entered quickly. Routers are particularly susceptible to this practice, and they are especially vulnerable because they’re also home “guardians,” often lording over entire networks of other IoT devices.

People’s poor cybersecurity practices are well known in the industry, but criminals also exploit this information. So, when they develop malware and scanners capable of compromising IoT devices, they often use some of these bad habits against users.

Bitdefender is in a unique position to see what attackers actually do when trying to compromise a device. They often deploy dictionary attacks, using a list of common usernames and passwords that might fit, knowing there’s a good chance the victims failed to change them.

Bitdefender runs a network of honeypots that mirror real hardware criminals will find in the wild. This hardware is carefully monitored and allows security researchers to follow every step a hacker takes during the attack, including with credentials.

Telnet honeypots

The Telnet protocol has been around for years and is still in use today, although some companies have started to phase it out. It has serious security issues and shouldn’t remain open when not in use. Making matters worse, some manufacturers enable it by default in devices, making them vulnerable to attacks.

Some of the credentials in the following list reflect the targeted hardware, revealing default usernames and passwords and some poor user choices. Also, some of the password entries are empty because users sometimes disable the password.

Usernames

Passwords

admin

CenturyL1nk

root

xc3511

admin

admin

root

Zte521

root

root

root

Pon521

default

default

admin

 

root

admin

root

vizxv

support

support

root

 

root

123456

guest

guest

admin

1234

root

default

guest

12345

default

S2fGqNFs

default

OxhlwSG8

default

 

SSH honeypots

Even if SSH is considered more secure than Telnet, weak or default passwords remain a problem. While the communication through SSH is encrypted, it doesn’t really help if the attacker can guess the credentials.

Some of you will likely recognize the default credentials in the following list because some known manufacturers implement them. SSH is the preferred way of accessing remote devices, but users will sometimes keep the default credentials.

Usernames

Passwords

nproc

nproc

knockknockwhosthere

knockknockwhosthere

admin

admin

pi

raspberry

root

root

pi

raspberryraspberry993311

root

admin

user

user

support

support

admin

password

admin

 

root

123456

ubnt

ubnt

admin

7ujMko0admin

root

1234

guest

guest

root

password

admin

1234

0

0

0101

0101

Generic IoT devices

People can access some IoT devices through web interfaces, not just Telnet or SSH. Of course, attackers will also attempt to compromise those devices and follow the same practices by trying combinations of default credentials or weak passwords.

Usernames

Passwords

admin

admin

superadmin

!@HuaweiHgw

user

user

user

@User1234

root

root

admin

password

admin

admin123

admin

123456

draytek

1234

Polycom

456

admin

Bz0NAG49

admin

superpass

admin

qP9Yh1ELd9

admin

qwerty

admin

password123

Best practices

If there were ever a time to change the default credentials of your IoT devices, it would be now. Bitdefender’s telemetry shows what credentials attackers attempt in their malicious campaigns. Many of their efforts to compromise devices would be thwarted by simply changing default usernames and passwords or by improving the existing passwords.

Of course, having an ISP that looks over its customers by deploying the Bitdefender IoT Security Platform in their routers also helps. Security embedded in the router does wonders for networks, blocking attacks and advising users of vulnerabilities present in their smart homes.

tags


Author


Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

You might also like

Bookmarks


loader