The Akamai content delivery network identified that more than 2 million Internet devices are vulnerable to the SSHowDowN attack.
SSHowDowN Affects More Than 2 Million Devices
The Akamai content delivery network has reported that hackers have continuously abused security flaws in Internet-connected devices, specifically IoT (Internet of Things) appliances. This has been done through weaknesses in the cryptographic protocol that is used to authenticate the user and provide secure communications. According to their report, more than 2 million devices have been compromised by hackers in the attack known as SSHowDowN.
This has happened because of a flaw in the Secure Shell (SSH) protocol that is used for remote system access. The problem lies in the default configuration set by the vendors and manufacturers. The hackers have used various tricks to gain access to the appliances and compromise the systems.
In the SSHowDowN technique, hackers establish unauthorized SSH tunnels to IoT devices, which then route the malicious traffic to the target machines. Akamai has detected this trick by looking for “credential stuffing”, a technique where attackers set up automated systems for getting into target customer accounts on sites.
The Akamai team has observed that the criminals use “admin” accounts to authorize an SSH tunnel to an IoT network video recorder. They used the access to generate and send malicious traffic to the appliance. As it used a factory default password, this was a very easy task to perform. From there on, the attackers are able to gain access not only to the victim device, but also to the internal network itself.
Akamai is working actively with vendors to strengthen their SSH implementation. Partners include the network video recorder maker NUUO, the satellite antenna maker Intellian, the WiMax router maker Green Packet, the hotspot maker Ruckus, and the network-attached storage device maker Synology.
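The default-configuration problem described above can be checked on a device's SSH daemon. The following is an added example, not code from Akamai's report or this article: it assumes the device runs OpenSSH, uses the OpenSSH keywords `AllowTcpForwarding`, `PermitTunnel` and `GatewayPorts` (which the article does not name), and audits two constructed sample configurations.

```python
# Added example: audit sshd_config text for settings that allow SSH relaying.
# Assumes OpenSSH; both sample configs below are constructed.

# OpenSSH values in effect when a keyword is absent from the file.
DEFAULTS = {"allowtcpforwarding": "yes", "permittunnel": "no", "gatewayports": "no"}
DISPLAY = {"allowtcpforwarding": "AllowTcpForwarding",
           "permittunnel": "PermitTunnel",
           "gatewayports": "GatewayPorts"}

FACTORY_CONFIG = """\
# constructed: vendor image that never mentions forwarding
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_CONFIG = """\
# constructed: same image with relaying switched off
Port 22
AllowTcpForwarding no
PermitTunnel no
GatewayPorts no
"""

def effective_settings(config_text):
    """Global-scope values; sshd keeps the first value it reads per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks start here; only global scope is audited
        if len(parts) == 2 and keyword in DEFAULTS and keyword not in seen:
            seen[keyword] = parts[1].strip().strip('"').lower()
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return the settings that leave forwarding or tunnelling enabled."""
    settings = effective_settings(config_text)
    return [f"{DISPLAY[k]} {v}" for k, v in settings.items() if v != "no"]

if __name__ == "__main__":
    for name, text in (("factory", FACTORY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(text) or "no relaying enabled")
```

A configuration that never mentions forwarding is still reported, because the OpenSSH default for `AllowTcpForwarding` is `yes`; settings inside `Match` blocks are outside what this check covers.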