Re: [Lwip] Internet Census 2012 -- Insecure embedded devices

Hannes Tschofenig Thu, 21 Mar 2013 03:07:56 -0700

That's a good question.

I believe they just assume that those devices with default passwords are indeed embedded devices.

While that may not be 100% true most desktop and mobile phone operating system do not come with default accounts shipped anymore. During the initial system setup you have to configure them to something.

In the embedded space it is, however, still very common to have the devices come with default accounts. Just think about all those folks who install a Raspberry Pis. They just download the images and never change the passwords.

Gesendet: Donnerstag, 21. März 2013 um 02:36 Uhr
Von: "Cao Zhen (CZ)" <[email protected]>
An: "'Hannes Tschofenig'" <[email protected]>, [email protected]
Betreff: RE: [Lwip] Internet Census 2012 -- Insecure embedded devices

Hi Hannes,

Thanks for sharing this interesting work.

I have got a question but did not find an answer in the paper, how the scanning agent can determine the target is an "embedded device"?

Best regards,
zhen

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Hannes Tschofenig
> Sent: Thursday, March 21, 2013 3:08 AM
> To: [email protected]
> Subject: [Lwip] Internet Census 2012 -- Insecure embedded devices
>
> Hi all,
>
> today I found this article and I thought I should share it with you given all the security discussions
> in the group:
> http://internetcensus2012.bitbucket.org/paper.html
>
> It is rather depressing.
>
> Ciao
> Hannes
>
> _______________________________________________
> Lwip mailing list
> [email protected]
> https://w

_______________________________________________
Lwip mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lwip

Re: [Lwip] Internet Census 2012 -- Insecure embedded devices

Reply via email to