Hackers Now use IoT Devices As Proxies For Remote Credential Testing

The Internet of Things holds great merit and future potential for creating a smarter and more automated ecosystem. Unfortunately, these Internet-connected devices have one fatal weakness: security. Hackers can easily hijack thousands of DVRs, CCTV cameras, and networking devices to test stolen login information from various sources. This makes it nearly impossible to find the people responsible for the theft and these hacking attempts.

Using IoT Devices To Check Stolen Credentials

In this day and age of online crime, hackers and other nefarious individuals are stepping up their game. As more devices get connected to the Internet, new forms of technological exploitation become apparent. A lot of our devices have an active Internet connection, but most of them are not adequately secured.

Criminals have come up with a new way to take advantage of these security weaknesses. By taking control over thousands of devices– mostly DVRs, satellite antennas, and others–they can use them to test stolen login credentials. In fact, new research shows as many as two million devices may have been used during this “trial and error” campaign.

Keeping in mind how the majority of IoT devices can be accessed through a web portal, it is not overly difficult to take advantage. If the criminals manage to log in as an administrator, they can compromise all data stored on the machine. For a router or network server this could spell serious trouble. But there is more, as they can also take over the machine entirely, sometimes even without the owner noticing that something malicious is going on.



Related Post

To make matters worse, one of the biggest targets investigated during this research is a company specializing in developing Wi-Fi hotspot hardware. A lot of consumers use free Wi-Fi in public places, trusting the business owner to ensure that all data is secure and safe from prying eyes. But if the culprits manage to break into the hotspot and capture all information flowing through, there is no security to speak of.

The company in question, going by the name of Ruckus Wireless, issued a security warning back in 2013. At that time, the first incidents of malicious usage of their Wi-Fi hotspots were noted. However, the Akamai research stated that these hotspots are still being used three years later, which indicates that the vendor did little to patch the security vulnerabilities.

Making all IoT devices accessible by SSH seems to be a problem as well. This is the connection method used by criminals to access most devices, as the protocol supports remote logins even from remote locations. Using third-party devices to cover the tracks of a hacking attempt is clever, but it also highlights another new problem for security researchers.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Ethereum Down While Bitcoin, Solana, and JetBolt Skyrocket In End November 2024

Ethereum stumbles as Bitcoin surges past $97K, Solana eyes new highs, and JetBolt’s presale shakes…

1 hour ago

Top 5 Best Crypto Presales to Grab Now: Don’t Miss These December Week 1 Gems

The crypto market is a buzz with promising presales as 2024 draws the curtains. With…

1 hour ago

Cheems Surge On BSC Network: A Rising Star With Growing Market Value

The Cheems token on the Binance Smart Chain (BSC) is gaining significant momentum, surging by…

10 hours ago

Lester Token Crashes 40% Following Official Announcement

The value of $LESTER plummeted by 40% in the past 24 hours, leaving its market…

10 hours ago

From $30K To Millions: The Wild Journey Of $Quant And Xiaohaige’s Memecoin Stunts

In a bizarre turn of events, a young live-streamer known as Xiaohaige created the memecoin…

10 hours ago

Whale “convexcuck.eth” Makes Bold $CVX Move, Nets Significant Profit Amid Price Surge

The crypto whale known as "convexcuck.eth" has made waves in the DeFi world, spending $2…

10 hours ago