Whole internet probed for insecure devices Published duration 21 March 2013

image caption The project probed millions of devices connected to the net

A surreptitious scan of the entire internet has revealed millions of printers, webcams and set-top boxes protected only by default passwords.

An anonymous researcher used more than 420,000 of these insecure devices to test the security and responsiveness of other gadgets, in a nine-month survey.

Using custom-written code, they sent out more than four trillion messages.

The net's current addressing scheme accommodates about 4.2 billion devices. Only 1.3 billion addresses responded.

The number of addresses responding was a surprise as the pool of addresses for that scheme has run dry. As a result, the net is currently going through a transition to a new scheme that has a vastly larger pool of addresses available.

The scan found half a million printers, more than one million webcams and lots of other devices, including set-top boxes and modems, that still used the password installed in the factory, letting almost anyone take over that piece of hardware. Often the password was an easy to guess word such as "root" or "admin".

"Whenever you think, 'That shouldn't be on the internet, but will probably be found a few times,' it's there a few hundred thousand times," wrote the un-named researcher in a paper documenting their work

HD Moore, who carried out a similar survey in 2012, told the Ars Technica news website the results looked "pretty accurate".