Linux and Raspberry Pi devices are proving a major security weak link

Everyone knows the default passwords

There are hundreds of thousands of Linux and Raspberry Pi devices connected to the internet right now, protected by nothing more than the default password.

In possession of these default passwords, cybercriminals are using numerous automated bots to scan for vulnerable devices. Once they find them, planting malware becomes relatively easy.

These are the findings of a new threat report from Bulletproof, which claims “knockknockwhosthere”, “nproc”, “1”, “x”, “1234”, “123456”, “root”, and “raspberry” are among the most common default passwords out there.

Easy attack point

“On the list are the default Raspberry Pi credentials (un:pi/pwd:raspberry). There are more than 200,000 machines on the internet running the standard Raspberry Pi OS, making it a reasonable target for bad actors. We also can see what looks like credentials used on Linux machines (un:nproc/pwd:nproc). This highlights a key issue - default credentials are still not being changed,” said Brian Wagner, Chief Technology Officer at Bulletproof.

“Using default credentials provides one of the easiest entry points for attackers, acting as a ‘skeleton key’ for multiple hacks. Using legitimate credentials can allow hackers to avoid detection and makes investigating and monitoring attacks much harder.”

To make the situation even worse, the report claims a quarter of the passwords attackers use today originate from the RockYou database leak that happened more than a decade ago.

For the purpose of the report, Bulletproof’s cybersecurity researchers created a honeypot, in the form of servers in public cloud environments with deliberate security vulnerabilities, in order to attract bad actors.

Over the course of the research, bad actors initiated more than 240,000 sessions, while in total, more than half (54%) of over 5,000 unique IP addresses had intelligence that suggested they were bad actor IP addresses.

“Within milliseconds of a server being put on the internet, it is already being scanned by all manner of entities. Botnets will be targeting it and a host of malicious traffic is then being driven to the server,” continued Wagner. “Although some of our data shows legitimate research companies scanning the internet, the greatest proportion of traffic we encountered to our honeypot came from threat actors and compromised hosts.”
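An added example, not from the article or Bulletproof's report: one way a defender could triage sshd authentication logs for activity on the default account names quoted above, where a successful password login otherwise looks legitimate. The log lines are constructed, and `triage`, `DEFAULT_ACCOUNTS` and the severity labels are assumptions of this example.

```python
import re
from collections import Counter

# Account names from the credential pairs quoted in the article.
DEFAULT_ACCOUNTS = {"pi", "nproc"}

# OpenSSH auth messages: "<Failed|Accepted> <method> for [invalid user ]<name> from <ip>"
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[811]: Failed password for invalid user nproc from 198.51.100.7 port 40022 ssh2
Mar  3 10:00:02 host sshd[812]: Failed password for pi from 198.51.100.7 port 40030 ssh2
Mar  3 10:00:03 host sshd[813]: Accepted password for pi from 198.51.100.7 port 40044 ssh2
Mar  3 10:05:00 host sshd[820]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
Mar  3 10:06:00 host sshd[830]: Failed password for invalid user admin from 203.0.113.9 port 33000 ssh2
Mar  3 10:07:00 host sshd[840]: Accepted password for pi from 192.0.2.10 port 51010 ssh2
"""

def triage(log_text, default_accounts=DEFAULT_ACCOUNTS):
    """Return (severity, ip, user, reason) findings for default-account SSH activity."""
    failures = Counter()  # failed attempts on default account names, per source IP
    findings = []
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if not m or m["user"] not in default_accounts:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif m["method"] == "password":
            # The log never records the password, so earlier failures from the
            # same source are the signal that a guess, not the owner, got in.
            if failures[ip]:
                findings.append(("critical", ip, user,
                                 f"password login after {failures[ip]} failed default-account attempts"))
            else:
                findings.append(("review", ip, user,
                                 "password login on a default account name; confirm it was changed"))
    for ip, n in failures.items():
        if not any(f[:2] == ("critical", ip) for f in findings):
            findings.append(("info", ip, None, f"{n} failed default-account attempts"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```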

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
