Linux and Raspberry Pi devices are proving a major security weak link

Raspberry Pi Network Install
(Image credit: Raspberry Pi Foundation)

There are hundreds of thousands of Linux and Raspberry Pi devices connected to the internet right now, protected by nothing more than the default password

In possession of these default passwords, cybercriminals are using numerous automated bots to scan for vulnerable devices. Once they find them, planting malware becomes relatively easy.

These are the findings of a new threat report from Bulletproof, which claims “knockknockwhosthere”, “nproc”, “1”, “x”, “1234”, “123456”, “root”, and “raspberry” are among the most common default passwords out there.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Easy attack point 

“On the list are the default Raspberry Pi credentials (un:pi/pwd:raspberry). There are more than 200,000 machines on the internet running the standard Raspberry Pi OS, making it a reasonable target for bad actors. We also can see what looks like credentials used on Linux machines (un:nproc/pwd:nproc). This highlights a key issue - default credentials are still not being changed,” said Brian Wagner, Chief Technology Officer at Bulletproof. 

“Using default credentials provides one of the easiest entry points for attackers, acting as a ‘skeleton key’ for multiple hacks. Using legitimate credentials can allow hackers to avoid detection and makes investigating and monitoring attacks much harder.”

To make the situation even worse, the report claims a quarter of the passwords attackers use today originate from the RockYou database leak that happened more than a decade ago. 

For the purpose of the report, Bulletproof’s cybersecurity researchers created a honeypot, in the form of servers in public cloud environments with deliberate security vulnerabilities, in order to attract bad actors. 

Over the course of the research, bad actors initiated more than 240,000 sessions, while in total, more than half (54%) of over 5,000 unique IP addresses had intelligence that suggested they were bad actor IP addresses.

“Within milliseconds of a server being put on the internet, it is already being scanned by all manner of entities. Botnets will be targeting it and a host of malicious traffic is then being driven to the server,” continued Wagner. “Although some of our data shows legitimate research companies scanning the internet, the greatest proportion of traffic we encountered to our honeypot came from threat actors and compromised hosts."

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
IoT’s botnet problem is up 500% – three things admins must do now
Cartoon Phishing
Over a billion credentials stolen were stolen in malware attacks in 2024
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Huge cyber attack under way - 2.8 million IPs being used to target VPN devices
password manager
I'm a security expert - here are my biggest tips for creating a secure password for work and home life to stay safe online
Frustrated unhappy laptop user girl touching head at work table with computer
Five essential tips for keeping your new PC secure
The Python banner logo on a computer screen running a code editor.
More malicious Python packages are on the loose, experts warn
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Latest in News
Project Moohan prototype at Samsung Galaxy Unpacked, an XR goggles headset on display in a show area
Samsung's Android XR headset could avoid the Apple Vision Pro's biggest mistake, according to this leak
Rivian R1T
Big Rivian update delivers hands-off driving to rival Tesla Autopilot – and a new 'Rally' mode
The Samsung Galaxy S25 Edge, close up on the dual camera system, against a marbled background
The Samsung Galaxy S25 Edge is being tipped to come with a sweet Google Gemini deal
Diego Luna looks questioningly at the back of someone&#039;s head as Cassian Andor in the show Andor
Disney+ is making Andor free to stream on YouTube, and now you have no excuse not to watch the best Star Wars show
Matt Murdock and Kirsten McDuffie standing in a court room in Daredevil: Born Again
Daredevil: Born Again episode 3 contains another Marvel reference to Spider-Man, but it's got nothing to do with Tom Holland's Peter Parker
Man having Windows 11 problems with his laptop
Fed up of adverts creeping into Windows 11? You won’t like Microsoft’s latest update, then, although it does provide some important bug fixes