In today’s technology environment, whether personal or business, every device and most software packages come with default passwords. CHANGE THEM IMMEDIATELY. When these devices are installed, users frequently leave the default passwords in place. When default passwords are left unchanged, any person with less than perfect scruples (read: MALICIOUS HACKERS) can access your device and gain access to other devices on your network.
Although it sounds basic, many people do not think about changing their passwords on their routers, on their firewall appliances or on their MAC addressed devices. Some trusting souls even leave them BLANK. Using easily available tools on the Internet, the type of device with an IP address can be easily determined. Other sites have published default passwords or administrative passwords for commonly installed devices and appliances. This potentially puts millions of devices – with IP addresses and MAC addresses- at risk for exploitation. I used to freak people out twenty years ago with the default passwords of answering machines- that were never changed.
Some examples that you may not think about: smart TVs, gaming consoles, refrigerators, industrial control systems, business phone systems and voice mail systems. This is in addition to the regular favorites – routers, wireless access points, firewalls and computers.
According to the US Computer Emergency Readiness Team (US-CERT) A hacker with knowledge of the password and network access to a system can log in, usually with root or administrative privileges. The consequences depend on the type and use of the compromised system. Examples of incident activity involving unchanged default passwords include
- Internet Census 2012 Carna Botnet distributed scanning
- Fake Emergency Alert System (EAS) warnings about zombies
- Kaiten malware and older versions of Microsoft SQL Server
- SSH access to jailbroken Apple iPhones
- Cisco router default Telnet and enable passwords
- SNMP community strings
The first thing that you can do to address this problem is to always – ALWAYS- give a device a unique non default password. Recommended passwords should be strong- meaning that the include both alpha numeric characters, capitals and symbols (!,@,#,$,% & ). If you are a social media wonk, your Facebook page can act as a treasure trove for clues for a determined hacker.
If you manage technology for others – coworkers, clients, family members or friends- always enforce a password changing policy when you set up new devices. Always change passwords from default passwords. I can’t stress that point enough. Change. Be security minded. Don’t assume.
More importantly, restrict access to your network. Make sure that only those users who should be allowed on the network are allowed on your network. With the amount of cyber attacks growing at an alarming rate, the safety of information on a network is only as good as the passwords restricting access to the network.
If you are interested in seeing how secure your network is, there are a number of legitimate sites that will show you how to scan your network for vulnerabilities and secure the access. There are a number of sites that offer free vulnerability assessment scanning. Use them.