Miscellaneous IoT security issues found and reported

An attacker does not always need to use an IoT vulnerability to take control of a device. Sometimes they also achieve their purpose by issues like using security misconfigurations, leaked data, lack of credentials or an accidental backdoor.  I proactively keep on looking for such IoT security issues. If an issue is found, I inform the responsible authorities to get it fixed to safeguard these devices.

 

  1. Working with Singapore CERT to patch an accidental router backdoor

When NewSky alerted Singapore's CERT, and that body took the issue to SingTel, Anubhav said the root cause was that SingTel enabled port 10,000 to troubleshoot a problem with the SingTel-branded routers (the “Wi-Fi Gigabit Router” is supplied by Arcadyan). The carrier neglected to close the port once the issues were resolved, leaving the customers vulnerable.

https://www.theregister.co.uk/2018/05/29/singtel_left_home_router_ports_open/

   2.  Identifying an IoT credential leak list

Ankit Anubhav unearthed a sprawling list of login credentials that allows anyone on the Internet to take over home routers and more than 1,700 "Internet of things" devices and make them part of a destructive botnet.

https://www.cyber.nj.gov/alerts-and-advisories/20170831/iot-devices-with-open-telnet-ports-vulnerable-after-credential-leak

   3.  Identifying hundreds of Brother printers exposed online

NewSky Security researcher Ankit Anubhav discovered approximately 700 Brother printers unsecured and exposed to the internet. Exposed printers include Brother models HL-L2360D, MFC- J470DW, MFC-J480DW, MFC-J485DW, MFC-J440DW, MFC-7360N, MFC-9330CDW, MFC-9970CDW and one SATO CL4NX printer.

 

https://www.cyber.nj.gov/alerts-and-advisories/20171019/hundreds-of-brother-printers-exposed-online

 

   4. Identifying hackable Lexmark printers, some belonging to US Government offices

 

Found hundreds of Lexmark printers misconfigured, open to the public internet and easily accessible to anyone interested in taking control of targeted devices. Researcher identified 1,123 Lexmark printers traced back to businesses, universities and in some cases U.S. government offices.

 

https://threatpost.com/user-gross-negligence-leaves-hundreds-of-lexmark-printers-open-to-attack/129187/

 

   5. Thousands of Serial-To-Ethernet Devices Leak Telnet Passwords

 

Ankit Anubhav, Principal Researcher at NewSky Security, a cyber-security company specialized in IoT security, discovered that almost a half of Lantronix device servers reachable online (6464 devices) are leaking their Telnet passwords. The root cause of this huge password exposure is a vulnerability that allows attackers to retrieve the setup config of Lantronix devices by sending a malformed request on port 30718.

https://www.bleepingcomputer.com/news/security/thousands-of-serial-to-ethernet-devices-leak-telnet-passwords/

 

   6. Discovering 5000 vulnerable routers of Oi Internet

 

A Brazilian ISP appears to have deployed routers without a Telnet password for nearly 5,000 customers, leaving the devices wide open to abuse. The devices have been discovered this week by Ankit Anubhav, Principal Researcher at NewSky Security, a cyber-security company specialized in IoT security. All exposed devices are Datacom routers the ISP —Oi Internet— has provided to customers. Anubhav says he identified three types of Datacom routers —DM991CR, DM706CR, and DM991CS.

https://www.bleepingcomputer.com/news/security/5-000-routers-with-no-telnet-password-nothing-to-see-here-move-along/

 

   7. Tens of Thousands of Defaced MikroTik and Ubiquiti Routers Available Online

 

Spotted by Ankit Anubhav, Principal Researcher at NewSky Security, a cyber-security company specialized in IoT security, these benign hacks have been going on since last summer. Speaking to Bleeping Computer, Anubhav says he first spotted these defacements last July, when he found over 36,000 Ubiquiti routers with strange hostnames, a number that has grown to over 40,000.

 

https://www.bleepingcomputer.com/news/security/tens-of-thousands-of-defaced-mikrotik-and-ubiquiti-routers-available-online/

  8. Discovering CVE-2013-6117 cached passwords of tens of thousands of Dahua devices in ZoomEye

 

The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security. After finding out the issue, NewSky Security worked with ZoomEye to delete this cache leak from their public database to safeguard the device owners.

 

https://www.theregister.co.uk/2018/07/16/zoomeye_iot_dahua/