Internet-wide scan reveals millions of devices are exploitable due to use of default passwords like “admin” or “root”


A researcher, who has chosen to remain anonymous, has performed an internet-wide scan to determine the security level of gadgets like printers, webcams, and set-top boxes all across the world.

The scan was done by using the researcher’s custom-written code to send out more than 4 trillion messages. To put things in perspective, the internet’s current address scheme can have approximately 4.2 billion addresses. After the 4 trillion messages were sent, only 1.3 billion addresses responded. The scan revealed that half a million printers, over one million webcams, and numerous other devices still use the factory-default passwords for “security.” These are the usual passwords you’ll find when you set up a new device, such as “root” or “admin.” I wouldn’t be surprised if “1234” or “0000” are in there as well.

The problem with using default passwords, the researcher says, is that it theoretically allows almost anyone to take control of these devices. And unfortunately, this is already happening. The unnamed researcher says that hackers are exploiting these unprotected devices to run criminal networks, send out spam, and carry out phishing and DDoS attacks.

The lesson here? Change the password when you get a new device. It’s a few steps that can go a long way in making the internet a safer place for all of us, one user at a time.

 [via BBC, Online research paper, image via David Burillo]
