Download PDFOpen PDF in browser

Generative AI-Based Tool for Brute Forcing IoT Devices’ Default Credentials

EasyChair Preprint 15403

7 pagesDate: November 10, 2024

Abstract

This study beneficially uses the power of generative AI to search for vendor-specific default credentials and uses them to brute force IoT devices logins. IoT devices have a diverse set of open ports used for accessing and configuration. With the increased usage of IoT devices, keeping all devices’ ports well- secured is overwhelming and costly, especially for SMEs. Using a variety of methods to approach the problem, this research studied IoT attacks, figures, characteristics, IoT penetration tools, and SMEs requirements to produce an automated solution. Findings indicated that a lot of IoT devices are still configured with default credentials making the networks they are connected to vulnerable attacks. The solution presented, is a script that integrates OpenAI GPT to search for default credentials, Nmap to scan for open ports, and Hydra to attack the device. The tool is implemented to assess ports 20, 21, 22, 23, 80, and 443. To detect vulnerable IoT devices and report them to the user, the tool analyses login pages available on ports 80 and 443 to search for the brand and model of the IoT device. The output is used for the default credentials GPT search. Despite its ability to shortlist the dictionary for a brute force list, it should be tested on an experiential environment that includes different IoT simulators with several open ports on changed credentials and default ones. Then verified its functionality on a real IoT network. Further research could explore implementing machine learning to thoroughly analyse IoT device firmware.

Keyphrases: Brute force, Default Credentials, Detection and Mitigation, Generative AI, HTML selectors, Internet of Things, IoT device, Open Ports, Python Script, SMEs, Username and Password, brute force attack, brute-forcing, configured with default credentials, create a botnet, credentials brute force, default credentials vulnerability, default username and password, failed login attempts, list of credentials, login attempt, login attempts, login form html selector, login page on ports, network for iot devices, password authentication, search for default credentials, target iot device, username password combination, vulnerable iot devices, web page

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@booklet{EasyChair:15403,
  author    = {Anas Al Rawi and Nafaa Jabeur and Raja Waseem Anwar},
  title     = {Generative AI-Based Tool for Brute Forcing IoT Devices’ Default Credentials},
  howpublished = {EasyChair Preprint 15403},
  year      = {EasyChair, 2024}}
Download PDFOpen PDF in browser