Web-Wide Scan Reveals Shocking Security Weaknesses

Dennis Faas's picture

In one of the most spectacular research projects ever carried out online, an anonymous security researcher has scanned the entire Internet for security holes. They found that millions of devices have no password protection whatsoever.

The project was simple in concept: the researcher attempted to contact, and then access, devices at every possible IP (Internet Protocol) address under IPv4, a system in which every device connected to the Internet uses 12 digits as identification.

This means that IPv4 allows for a maximum of around 4.2 billion IP addresses.

The researcher tried to contact every possible IP address in order to check whether its connection was adequately protected. To do this, the researcher scanned addresses at random and attempted to place a small text file on the connected machine.

This text file explained the project and included a contact email address so that anyone who spotted the intrusion would know what had happened and that the motives weren't malicious.

420,000 PCs 'Borrowed' For Scanning

Once the researcher had found around 420,000 addresses using this method, they added a small piece of software to each of the unprotected computers.

This software used the unprotected computer to carry out its own scan of even more IP addresses.

By splitting the 4.2 billion addresses across the 420,000 unprotected machines, each machine only had to scan 10,000 other addresses to complete the process.

The results were astounding. The researcher has been able to produce a barrage of statistics showing how patterns of daily Internet use vary throughout the world.

A Million Webcams Easily Hackable

The real finding was that half a million printers and more than a million webcams were protected only by weak, default passwords -- meaning it was a simple task to seize control of them and capture sensitive information.

The research also showed that many Internet routers still use default passwords, such as "admin." A hacker with access to an unprotected router could not only change the WiFi password, but also reroute and intercept data more easily.

It wasn't just domestic gadgets that were unprotected, however. The researcher found numerous industrial control units -- such as security systems or complex machinery -- with no password or an easily guessable default password.

The security researcher also discovered that many computer networks were infected by malicious software.

It might be a long time before we see another scan of this magnitude. With IPv4 addresses running out, the Internet is gradually switching to a new system called IPv6.

Whereas IPv4 has 4.2 billion possible IP addresses, IPv6 allows for up to 340 undecillion unique IP addresses.
