Internet of Things (IoT) devices typically have default passwords that allow purchasers to initially log into administrator interfaces when setting up their products. The trouble is that many people never change those passwords to something unique. Here’s why that’s a problem.
What’s the Risk of Not Changing Default Passwords?
Today’s hacking methods are increasingly automated. Cybercriminals perform brute-force attacks using tools that can quickly run through username and password combinations until they find pairs that work. Imagine if millions of IoT devices have default passwords their owners never change. That gives hackers’ attack attempts a huge reach.
Another issue is that default passwords’ simplicity makes them easy to spot. A 2022Bullet Proof reportshowed cybersecurity researchers’ findings when they set up servers with default passwords, using them as honeypots. Some of the most popular combinations included:
The telltale clue in both examples is they don’t include hard-to-guess or random strings of letters and numbers. People sometimes usethe concept of password entropyin cybersecurity. It relates to the randomness and unpredictable elements of a password. Password entropy rises with the prominence of those two aspects.
Imagine if an amateur hacker tried to break into an IoT device, even without automated tools. They could try something similar to the above examples and enjoy a high chance of success.
Which IoT Devices Have Passwords?
AStatista forecastanticipates that there will be more than 29 billion IoT devices worldwide by 2030. A best practice for cybersecurity is to assume most connected products have password protection, especially if they collect and transmit personal information.
You might know tokeep the software on your smart speakerupdated for better protection against hacks. Have you also changed the default passwords? If not, cybercriminals could infiltrate your home’s network and everything connected.
ACybernews reportabout IP cameras examined 3.5 million of these internet-facing devices. One takeaway was that manufacturers of 127,000 such products only recommended that people change the default passwords to unique credentials but did not require it.
Whether you use IoT baby monitors, coffee machines, or music players, always assume there’s a default password to change. Do it before using your device or connecting it to a Wi-Fi network.
Do an IoT Password Check
Default passwords are convenient since they permit first-time logins for new users. They’re also clear cybersecurity risks. Fortunately, these credentials are easy to change, so you can do it in a minute or two.
