Slashdot Mirror

← Back to Stories (view on slashdot.org)

353,436 Exposed ZTE Devices Found In Net Census

Posted by timothy on from the login-and-password-are-the-login-and-password dept.

mask.of.sanity writes "Hundreds of thousands of internet-accessible devices manufactured Chinese telco ZTE have been found with default or hardcoded usernames and passwords. The devices were discovered in analysis of the huge dataset from the Internet Census run this year. ZTE topped the charts, accounting for 28 percent of all affected devices worldwide. Only one manufacturer has responded to the researcher's bid to supply the data in efforts to stop production of insecure devices."

5 of 29 comments (clear)

  1. Re:By by EvilSS · · Score: 3, Funny

    So the devices didn't manufacture a Chinese telco named ZTE? That makes this a much more boring story. Guess I have to put my "Rise of the Machines" supplies back in the closet now.

    --
    I browse on +1 so AC's need not respond, I won't see it.
  2. Re:heh by Anonymous Coward · · Score: 5, Insightful

    Who wants to bet that chinese intelligence was involved in this?

    And we're supposed to trust US products don't have settings demanded by the NSA?

    Sorry America, but you're just as un-trustworthy these days, and your corporations are just an arm of your government for spying -- and your government is just an arm of your corporations for foreign policy

    A nice little incestuous feedback loop.

  3. Re:heh by Idimmu+Xul · · Score: 3, Insightful

    The default root password for every DRAC (Dell Remote Access Card) in existance is

    *Drumroll*

    calvin

    fucking american spies

    --
    The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
  4. Gaoke Communications is just as bad by Anonymous Coward · · Score: 3, Interesting

    Gaoke MC600x WiFi routers are used all over South America and probably elsewhere.

    They are installed by the telecom company and they do change the admin password. However, you don't even need a password, just go to the internet IP address of a device, the default is the web interface is visible from the Internet, and rather than logging in change the last part of the URL to wifilan.htm and it will think you are logged in as guest. The guest user can change all the WiFi settings.

    They may be insecure but at least they are cheap!

  5. Blocking 23 by Gary+Perkins · · Score: 3, Informative

    His recommendation at the bottom is for ISP's to start blocking port 23. I certainly hope that doesn't become a "solution". Many people like to host their own servers, and these default port blocks just make life horrible. The BBS hobby scene uses 23 quite a bit and would take a hit. Blocking ports is not an answer, and in fact I'd like to see the practice banned.