Don’t count on the default login credentials

A joint blog post from InternetNZ and Go Wireless NZ
6 December 2016 

cyber imageWe live in a world where more and more things we buy are becoming connected to the Internet.  Your computers, smartphones, tablets, smart TVs, lightbulbs, doorbells and security cameras are, or soon will be, Internet-enabled devices. You need to make these as secure as possible to prevent unwanted access from an attacker.

Unfortunately, companies which make these devices generally do a poor job of addressing these risks in advance, which means users are left to look after themselves. Many people are either unaware of the security risk or lack the tech-savvy to deploy appropriate security measures. These new Internet connected devices continue to be one of the main targets for hackers to launch their attacks.  These attacks can include invading homeowners personal data, banking records, identity theft, using their connections to launch attacks against others, and more.

One of the reasons that these devices are so often exploited is the fact that owners are too reluctant, or unable to change default login credentials from routers’ manufacturers.

In a publication by Securelist, attackers exploited more than 4.5 million DSL modems in Brazil between 2011 and 2012. Team Cymru also reported that the DNS settings of 300,000 wireless routers in homes and small offices were altered by a group of attackers in March 2014. Brazilian routers were once again attacked in September 2014 for the same vulnerability. Internet journalist Brian Krebs, whose website was attacked and taken offline in September, reports that the new device du jour for hackers seems to be CCTV cameras and DVRs.

Once attackers gain access to these devices, they can modify settings which allow them to retask your device to essentially work for them. There are many things attackers can do such as inserting malware, displaying ads, stealing identities, using all your Internet traffic to attack websites and phishing.

In spite of the fact that these attacks can sometimes be very sophisticated, there are simple things that the average user can do to defeat them.  

Change default usernames and passwords

The first of these things is to change the default username and password. New devices come with default (and sometimes easy to guess) username and passwords. Device manufacturers use easy-to-remember credentials to help users connect and configure their routers more quickly. These credentials are often printed on a sticker attached to the back of the router. Most manufacturers actually suggest owners to change the default credentials as soon as the initial setup is completed, but people ignore the suggestion. It is easy and quick to change credentials, so there is no reason to compromise security.

image promo

Keep your devices updated

Secondly, Internet connected devices run on software developed by the manufacturers. Similar to the operating systems on computer and smartphones, owners must update the software to fix security issues. However, as manufacturers compete to keep device cost low, there is a temptation to abandon software development for old devices in favor of making new products. Most devices do not come with auto-update features, so owners must regularly check the manufacturers’ websites for new updates. The easiest way to make sure that your devices are able to be kept up-to-date is to ensure they are build by reputable manufacturers and sold by local distributors with a proactive support team.

So in conclusion, changing your default device passwords to something unique and hard to guess, as well as as ensuring that the software on the device is being regularly updated, should go a long way to keeping your home environment safe.