Hardware Password Defaults – Do You Change Them?

Robinson+Cole Data Privacy + Security Insider
Contact

[author:

IT professionals have long understood the importance of changing the default password for network connected hardware devices (printers, switches, wireless access points, etc.). In the world of the Internet Of Things it seems everything is connected to the internet, the locks to your house, the refrigerator, your car, the wireless router from the cable company, the list goes on. All of these devices have a default user name and password for managing settings. IT professionals should know better than to ever leave those administrator passwords as default, but does the general public?

In September of 2015, the InfoSec Institute published a detailed article regarding the exploitation of corporate printers (InfoSec Institute).  In January 2016, several news outlets reported on hackers using the storage in network connected printers and multi-function devices to store and execute malicious code (SecurityWeek).  In March, it was reported how hackers printed anti-Semitic flyers to thousands of publicly accessible printers (WashingtonPost). As recently as Friday September 9, Security Week reported on a new malware variant, Mal/Miner-C, discovered by Sophos that specifically targets network attached storage devices, leveraging default user name and passwords (SecurityWeek).

Whether you are an IT professional or a home consumer, hackers continue to exploit vulnerabilities in other network connected devices beside your traditional computer. Based on the recent discovery of Mal/Miner-C, hackers continue to see the default user name and password as a way into those devices. Clearly we are not doing a good enough job at adhering to what amounts to age old advice; change the default administrator password immediately and disable any unused or unnecessary services. If you don’t plan to have your refrigerator order your groceries for you, turn that service off and be sure to change the default password on that fancy new garage door lifter.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Robinson+Cole Data Privacy + Security Insider

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide