ZDNet today reported that a hacker published the IP addresses, usernames and passwords used to access roughly 515,000 internet-connected devices via the Telnet protocol. That information could be used to remotely control the affected products.
The leaked credentials are said to belong to servers, routers and Internet of Things devices that exposed their Telnet port to the internet. Once the hacker found those devices, they either used the manufacturer's default account credentials or correctly guessed the username/password combination that secured the devices.
ZDNet said the credentials were leaked by a distributed-denial of service (DDoS) botnet operator who collected them between October and November 2019. It's possible that some of the devices have changed IP addresses or account credentials by now. (Not that it would be hard to find their new IP address with a quick search.)
Attackers could use those credentials to gain remote access to the affected devices. That access could in turn allow the attackers to recruit the devices in botnets that would be used to conduct DDoS attacks, engage in ad fraud or assist with other schemes. Adding more than half a million devices to a botnet could be useful.
People who rely on these so-called smart devices might want to make sure their Telnet credentials are different from the manufacturer's default username/password combination, hard to guess and private. Otherwise they might find out their internet-connected toaster is doing more than just burning their bread every morning.
I mean, if you have their DNS names, sure. But they probably just have the bare IPs, for most of these devices. Some of them might be findable on the same subnet, but I still wouldn't call that quick.
...or, don't use Telnet! Just shut it off, which most devices support.
seems like a fun project!
that's one thing to do with it. if someone did not bother to change from the default settings, then they likely don't even use Telnet. log in, change the password and such and then you got a permanent way into whatever device it is. well, until the owner finally figures it out and turns it off or resets the device back to defaults.
i doubt many people actually use Telnet but don't know enough to know to turn it off. it should not be enabled by default on any device especially consumer products with totally clueless users hooking it up.
Telnet doesn't have to be running on the destination server for it to be useful.
Assuming the list contains more users/pass than just telnet client (port 23) --
You download telnet then use it like this:
telnet remoteIP remotePort
So, you can use telnet on http port (80), ssh (22), or any apps commonly installed and running on ports on the remote system.
Also, by doing so, you'll be breaking anything that relied on accessing those devices via the compromised account - either by telnet or a more secure means.
Um, did you ever try this?
Telnet just runs over raw TCP/IP. If you point a telnet client at a port running another protocol, it's not like it gives you a login prompt - you'll see whatever that protocol does, which most likely won't make any sense to you or be particularly useable via a telnet client.
That said, I've used a telnet client to script some simple RTSP commands against a remote serer I was testing. So, depending on the protocol, it can definitely be useful.