Security researchers have discovered a list of thousands of Telnet credentials that enables anyone on the Internet to take control over home routers.
“Telnet is a protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).”
The list has been published on Pastebin since June 11. The list contains user names and passwords in the form of “admin:admin”, “root:root”, and other forms. The Pastebin list contains 143 credential combos, including the 60 admin-password combos from the Mirai Telnet scanner.
The list contained more than 33,000 credentials, probably because it had been updated over time from multiple Internet scans without unnecessary records being removed. Some IPs in the list exposed more than one username-password combination, that means that device had more than one account or because the device had been infected by malware on subsequent scans.
Users should enable remote access to IOT devices only when there is a good reason, and then only after changing the default login details to use a different, randomly generated password, preferably of 10 or more characters. Even when remote access is disabled, users should always assure the default password is replaced with a strong one.
