Forget about 12345 or P@ssW0rd: an Avira honeypot set up to find new smart device threats has identified an even more insecure credential – nothing.
“The most commonly used credential is blank, which means that the attackers just enter an empty username and password,” says Avira threat analyst Hamidreza Ebtehaj. “This is even more common than admin.”
Credentials in this case are the two-part combination of user name and password that hackers enter into Avira’s smart device honeypot while attacking it. Attacks with blank or empty credential slots made up 25.6% of the total, vastly outnumbering the other top credential combinations. This blank category even exceeded the share of default IoT device credentials such as “admin | QWestM0dem” and “admin | airlive” (24.0%) and the collection of general default credentials (23.4%), with timeless classics such as “admin | admin”, “support | support”, and “root | root”.
Specific IoT malware attacks, where the hackers zeroed in on a known vulnerability with credentials such as, made up 25% of the total. The two top credential pairs were “root | xc3511” and “default | S2fGqNFs” – two internet-connected webcams which have gone to market under a number of names.
“These stats were collected on Friday, September 13,” he adds. “The numbers, especially for IoT malware-related stats, do vary slightly based on ongoing attacks, but the general distribution has remained consistent for some time now.”