You’re a busy person, I get it. You buy a new piece of gear for your home or office. You plug it in, download an app, click a few buttons, bada-boom, it works and you move on. In many cases you’re not prompted to change the default password or configure any security settings, which results in situations like these:
- In 2015, it was discovered that 90% of credit card readers in the US had the same default passwords, which led to compromises of users’ credit cards and worse.
- PT Security found in their 2019 report that 80% of web applications contained configuration errors that included default settings and passwords.
- In 2016, the Mirai malware hacked enough IoT devices using the 60 most common default usernames and passwords that it was able to DDoS (read: temporarily knock offline) a service provider named Dyn, which meant users couldn’t access Twitter, Netflix, Amazon, GitHub, and more.
Malicious actors are hungry for default passwords! It’s the cybersec equivalent of taking candy from a baby.
Solution & Recommendation
I’m not saying you have to read the manual (heaven forbid!), but put it on your checklist to change the default passwords on everything. Simple.
If you buy a new piece of hardware or gadget, doesn’t matter what it is, just take 30 seconds to hop into the settings and change the default password.
If you set up a new development tool or environment, immediately change the default password (or enable a password).
This matters most if the piece of hardware, gadget, or development tool/environment is facing the public Internet or advertises that you can remotely access it.
Things with default passwords would include but aren’t limited to:
- IP cameras and security systems in your home
- Smart locks on your door
- WiFi routers
- Smart TVs
- Smart home and home automation devices
- Media boxes (things like Apple TV, NVIDIA Shield TV, etc.)
- File servers, smart storage solutions, or NAS boxes
- and probably anything with the word “Smart” in the product name
If that sounds daunting, don’t worry: lean on your password manager and it actually won’t be any trouble in your life.