A researcher used a simple, binary technique to take control of more than 420,000 insecure devices including Webcams, routers, and printers running on the Internet -- and says that's just a hint of the potential for real trouble to get started.
In a Seclists posting yesterday, the researcher, Gordon Lyon, describes how he was able to take control of open, embedded devices on the Internet. He did so by using either empty or default credentials such as "root:root" or "admin:admin", indicating how a surprisingly large number of devices connected to the Web have no security to safeguard against a possible takeover.
By taking control of the devices, the researcher effectively established a botnet -- which he called "Carna" -- and surveyed the Internet. Botnets are often associated with more nefarious activities, such as spamming, distributed denial-of-service attacks, and credit card and identity theft. After concluding his research, Lyon said, he shut the botnet down, quipping that "no devices were harmed during this experiment."
And in a low-key way, he warned of the dangers revealed in his exploration: