Default Password Exposes 600,000 GPS Trackers While Satori Botnet Author Faces Jail Time
Amidst news of the Satori author pleading guilty, researchers found over 600,000 exposed GPS trackers due to the use of a default password. These two cases seemingly highlight how security issues with the internet of things (IoT) exacerbate one another — poor device security and the cybercriminals who actively take advantage of them.
Poor device security
Security researchers from Avast discovered the exposed GPS trackers. They found several issues in the T8 Mini, a GPS tracker manufactured by Shenzhen i365-Tech, an IoT device manufacturer based in China.
Their investigation revealed that the same issues were present in over 30 other GPS tracker models produced by the manufacturer, affecting far more users. Researchers said that the passwords could allow hackers to hijack user accounts, subsequently allowing them to spy on conversations, spoof the device’s location, or track the device over GSM channels.
Other weaknesses were present in the GPS tracker's backend infrastructure, which consists of a cloud server that receives information from the tracker, a web panel that displays the tracker’s location, and a mobile app with the same function.
Out of all of them, the most critical issue was that user accounts for both the web panel and the mobile app used weak credentials. Researchers found that the user IDs were based on the GPS tracker’s IMEI (International Mobile Equipment Identity), while the password was the default “123456.”
Users can change the default password once they log into their accounts; however, Avast found that more than 600,000 accounts were still using it.
Threats and cybercriminals
This is the sort of opportunity cybercriminals look out for when launching attacks. One of these threat actors was the Satori author Kenneth Currin Schuchman, who recently pleaded guilty to creating and operating botnets composed of home routers and other IoT devices. Schuchman, also known as Nexus Zeta, not only rented out botnets but also used them himself.
As Nexus Zeta, he worked with two other cybercriminals known as Drake and Vamp. According to the court documents, Vamp served as the primary coder and developer, Nexus Zeta as the second developer, and Drake as the botnet sales manager and customer support.
In 2017, they launched the Satori botnet, which was based on the public code of Mirai. Satori extended the capabilities of Mirai, and similarly exploited devices that still used factory settings and default or easy-to-guess passwords. During the same year, the three cybercriminals created a new botnet version called Okiru, which mainly targeted security cameras. The group's DDoS service reached its peak by the end of 2017, after they updated both Satori and Okiru.
In 2018, Schuchman started working independently, but not before developing a new botnet that combined Mirai and Satori features. After their split, Schuchman competed with his former partners. The group eventually reconciled, but the FBI was already tracking Schuchman by then.
Schuchman faces up to 10 years in prison, a fine of up to US$250,000, and up to 3 years of supervised release. ZDNet has the detailed timeline.
Securing the IoT
These two events highlight issues in securing the use of IoT. Threats like botnet malware are based on vulnerabilities and poor overall security of devices available in the market. Users can follow these best practices to keep their devices and IoT environments safe.
- Change default settings and use strong credentials to avoid brute force attacks.
- Choose secure IoT devices by researching trusted vendors.
- Apply patches and updates as soon as they become available, to prevent vulnerability exploits.
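The weak-credential scheme described above (user ID derived from the device IMEI, password left at the vendor default) and the first best practice in this list both come down to the same check: does any account still sit on a default or guessable password? The following audit script is an added example written for this article; it is not code from Avast, Trend Micro or the device vendor. The account records are constructed sample data, the IMEIs are standard test values, and the only value taken from the article is the default password "123456". The minimum length and the small deny-list are assumptions chosen for the example.

```python
"""Default-credential audit for a fleet of GPS tracker accounts.

Added example for this article, not code from Avast or the device vendor.
Account records are constructed sample data; the IMEIs are standard test
values and the password "123456" is the vendor default the article reports.
"""
from dataclasses import dataclass
from typing import Dict, List

DEFAULT_PASSWORD = "123456"          # vendor default reported by Avast
MIN_PASSWORD_LENGTH = 12             # policy value assumed for this example

# Tiny deny-list of guessable passwords (constructed; use a breached-password
# list such as a Pwned Passwords export in a real deployment).
COMMON_PASSWORDS = {"123456", "12345678", "password", "111111", "123123", "admin"}


@dataclass(frozen=True)
class Account:
    user_id: str   # the tracker's IMEI, as the article describes
    password: str  # plaintext only because this is a constructed audit sample


def imei_luhn_valid(imei: str) -> bool:
    """True if `imei` is 15 digits whose last digit is a valid Luhn check digit."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(imei)):   # i == 0 is the check digit
        d = int(ch)
        if i % 2 == 1:                        # double every second digit
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def password_findings(user_id: str, password: str) -> List[str]:
    """Weaknesses in a password for the given account ID (empty = acceptable)."""
    findings = []
    if password == DEFAULT_PASSWORD:
        findings.append("default-password")
    elif password.lower() in COMMON_PASSWORDS:
        findings.append("common-password")
    if user_id and user_id in password:
        # An IMEI is printed on the device and sent over the air, so it is
        # not a secret and must not be part of the password.
        findings.append("password-contains-user-id")
    if len(password) < MIN_PASSWORD_LENGTH:
        findings.append("too-short")
    return findings


def account_findings(acct: Account) -> List[str]:
    """Password findings plus a sanity check that the user ID is a real IMEI."""
    findings = password_findings(acct.user_id, acct.password)
    if not imei_luhn_valid(acct.user_id):
        findings.append("user-id-not-a-valid-imei")
    return findings


def password_change_allowed(user_id: str, new_password: str) -> bool:
    """Policy hook for the 'change default settings' step: reject weak choices."""
    return not password_findings(user_id, new_password)


def audit(accounts: List[Account]) -> Dict[str, object]:
    """Fleet-wide summary: how many accounts still sit on the default password."""
    per_account = {a.user_id: account_findings(a) for a in accounts}
    return {
        "total": len(accounts),
        "default_password": sum("default-password" in f for f in per_account.values()),
        "weak": sum(1 for f in per_account.values() if f),
        "per_account": per_account,
    }


# Constructed sample fleet: one untouched default, one "changed" to the IMEI
# itself, one with a malformed user ID, one that passes.
SAMPLE_ACCOUNTS = [
    Account("490154203237518", DEFAULT_PASSWORD),
    Account("352099001761481", "352099001761481"),
    Account("490154203237519", "Tr4cker!Long-Phrase-9"),
    Account("012345678901237", "Tr4cker!Long-Phrase-9"),
]

if __name__ == "__main__":
    report = audit(SAMPLE_ACCOUNTS)
    print(f"{report['default_password']} of {report['total']} accounts still use "
          f"the default password; {report['weak']} have at least one weakness")
    for user_id, f in report["per_account"].items():
        print(f"  {user_id}: {', '.join(f) or 'ok'}")
```

Run against the constructed fleet, the audit reports one account on the vendor default and three with at least one weakness. The `password_change_allowed` hook is the piece a vendor would wire into the web panel and mobile app so that "changing the default" cannot mean changing it to the IMEI that is printed on the device, and an account that never passes the audit is the natural trigger for a forced password reset.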
Users can also consider using security solutions that can help them identify and defend against the threats to IoT environments. The Trend Micro™ HouseCall™ for Home Networks tool, for instance, scans home networks for vulnerabilities and suggests ways to deal with them.