Testing for vulnerable IoT devices

Brian Krebs has lately been writing a lot about DVRs and cameras made by XiongMai Technologies. He reports that they are terribly insecure and many have been hacked and herded into botnets where they participate in Distributed Denial of Service (DDoS) attacks such as the one that brought down his site.

Poor security is standard practice with IoT, but these devices are especially bad. Even if their web interface is used to change the default password, the devices have hard coded Telnet and SSH passwords that can not be changed. 

Part of yesterdays DDoS attack against DYN came from the Mirai botnet, composed of assorted hacked devices that were using default passwords.

Unlike pretty much every other article on this subject, I am not going to quote a spokesperson from a security firm saying that things are really really bad. Instead, I have some hopefully useful advice, a way to test if devices in your home (or office or wherever) are vulnerable to software attacks similar to the Mirai malware. It’s far from perfect, but it’s a step in the right direction.

Source link

Leave a Comment