As is often the case, Sophos shared a brilliant post by Maria Varmazis. In short, the piece reveals how the IoT – aka the ‘Internet of Things‘ potentially creates an insanely serious vulnerability. Virtually every digital device arrives with a default password. And the majority of those secret codes are easily obtained with a short Google search.
Back in the day (1994) when developing Windows based electronic medicals records software, I amused myself and clients by setting “bob” as the default access code. I jokingly told new users they could spell it forward or backward but it was case sensitive so later they could use a real pass-code with upper and lower case letters plus numbers and symbols. In fact, I urged them: “you absolutely must change the default password to be safe”.
Here’s the honest and chilling reality: I was able to access dozens of installed medical records systems many years later just be entering “bob” as the password beneath the doctor’s name as the username. Some did try to trip me up, of course, they changed the password protecting their patient’s medical information to “doc”. You might laugh and think that’s ludicrous… until you learn Equifax was secured with the password ‘admin’. Anyone who has a credit card was hacked that easily. In the interest of not making it any smoother, I won’t post the brand name, but a major manufacture of Internet technology was using ‘Admin” as well until fairly recently. To their credit, they changed the default password but it’s now one of several for newer models.
Your computer you probably do make an effort to protect. Your refrigerator? Often it’s using the same default password it had when shipped. So what’s the big deal? Well, even though your automatic lights switch around while you’re away, a bright spark planning to acquire much more than a midnight snack need only discover the door to the ice box hasn’t been opened in quite a while. That often is a clue no one is home. Hacked home security cameras confirm it’s a fine time to visit.
Read Maria Vamizis and realize how many portals the Internet of Things provide. And store the freshly generated password(s) in FaceGuard so you make it impossible for someone in Sudan or Syria to steal your bacon.