Saturday 21 January 2017

Securing IoT Devices from Mirai BotNet Vulnerability

I use the tinyCam Monitor app to view an IP camera I have setup at home. One of the more recent updates introduced a nice initiative to check network devices for the Mirai botnet vunerability by checking known default usernames and passwords that were given when the hackers released the Mirai source code.

I opened the app to change some settings and noticed my network enabled door bell (probably routing through China) was listed as a vulnerable device. Pretty scary!


You can read about it on the wiki page, but here is a quick summary of Mirai: devices infected by Mirai scan the internet for IoT devices with default username and passwords and attempt to gain access and infect other devices. On command the infected devices (bots) can be used to create a massive distributed DDoS attack. Luckily the malware isn't written in to memory so rebooting the device should clear it, but if vulnerable devices are not patched then the malware will quickly reappear.

I did some searching and didn't find any simple tools that would scan my network for vulnerable devices, so I wrote a little python script that checks a given host (I used my router to see what devices were connected on what IPs) against the list of known default usernames and passwords put out when the Mirai hackers released the source code.

import getpass
import sys
import telnetlib

HOST = "192.168.1.17"

#[[Username,Password],]
userPassList = [["666666","666666"],["888888","888888"],["admin",""],
                ["admin","1111"],["admin","1111111"],["admin","1234"],
                ["admin","12345"],["admin","123456"],["admin","54321"],
                ["admin","7ujMko0admin"],["admin","admin"],["admin","admin1234"],
                ["admin","meinsm"],["admin","pass"],["admin","password"],
                ["admin","smcadmin"],["admin1","password"],["administrator","1234"],
                ["Administrator","admin"],["guest","12345"],["guest","guest"],
                ["mother","fucker"],["root","(none)"],["root","00000000"],
                ["root","1111"],["root","1234"],["root","12345"],
                ["root","123456"],["root","54321"],["root","666666"],
                ["root","7ujMko0admin"],["root","7ujMko0vizxv"],["root","888888"],
                ["root","admin"],["root","anko"],["root","default"],
                ["root","dreambox"],["root","hi3518"],["root","ikwb"],
                ["root","juantech"],["root","jvbzd"],["root","klv123"],
                ["root","klv1234"],["root","pass"],["root","password"],
                ["root","realtek"],["root","root"],["root","system"],
                ["root","user"],["root","vizxv"],["root","xc3511"],
                ["root","xmhdipc"],["root","zlxx."],["root","Zte521"],
                ["service","service"],["supervisor","supervisor"],
                ["support","support"],["tech","tech"],["ubnt","ubnt"],
                ["user","user"]]

print "Testing Mirai botnet default usenames and passwords on host:" + HOST

for userPass in userPassList:
    user = userPass[0]
    password = userPass[1]

    try:
        tn = telnetlib.Telnet(HOST, 23, 5)
    
        tn.read_until("login: ")
        tn.write(user + "\n")
        if password:
            tn.read_until("Password: ")
            tn.write(password + "\n")
    
     print "######WARNING###### Connected on port " + portNumber + " with Username:" + user + " Password: " + password
        tn.write("ls\n")
        tn.write("exit\n")
    
        print tn.read_all()

    except:
        print "Unsuccessful attempt Username:" + user + " Password:" + password

It's a work in progress but so far it works well enough for me.

I already knew my wireless door bell had a default username and password for the telnet port so I set out to change this to something else.

Changing the Telnet Password

My device didn't have the usual passwd command in linux that you would use to change the password of a user. I did some hunting and found a command chpasswd in the /usr/sbin/ directory. I followed the instructions here to work out how to use the command, then I changed the password of the root user by doing the following:


  1. Telnet in to the device (I use PuTTY)
  2. Enter the default username and password you discovered earlier
  3. Type the command "chpasswd" in and press enter
  4. Enter the new username and password in the format "username:password" and press enter
  5. Hit ctrl+d to exit the script
That's it! You have gone a long way toward making your device (and the internet) a safer place

No comments:

Post a Comment