Default passwords are the routers of all evil

Nick Booth, freelance IT and communications writer

All these Mirai BotNet stories can’t be helping the IoT industry can they? Still, on the basis that all publicity is good publicity, perhaps some good will come out of the recent network hijackings.

Don’t laugh, but it could even be a marketing opportunity. Maybe kit manufacturers could contact all their customers and encourage them to upgrade devices.

A more realistic option for router makers is to get creative when persuading customers to change their default passwords. Password prompts are boring and lectures are even worse. But not as tedious as the notes that come with every ‘plug and play’ device. Who writes them? They make the authors of software license agreements look like Ricky Gervaise, says Nick Booth, freelance IT and communications writer.

Manufacturers of devices will need to do something drastic to get people to pay attention to passwords or everyone will continue to ignore them. As a result, hackers will have a field day hi-jacking the IoT. Stephen Gates, chief research intelligence analyst at Nsfocus says IoT-based attacks will be The Big Trend for 2017.

Logistics is the big problem the kit makers face. Fair enough, it would cost manufacturers dearly to give each device a unique password. But it’s not OK to assume that everyone will change their default password for their device. Especially if you don’t make a big fuss about it. Meanwhile, the customers are guilty of assumption too.

They’ve assumed that their suppliers would give them prior warning about securing these devices – in the same way that people who bought mobile phones assumed that the voicemail service wasn’t easily hacked by tabloid journalists.

There was an assumption that the service providers – who are passionate about customer service, don’t forget – would have a duty of care. It turns out they were not that passionate. Given the lack of warnings that are given to clients when they install their devices, they could be forgiven for assuming that security was no big deal.

Each side is convinced the other will take responsibility. Assumption, as they say in the logistics business, is the mother of all cock ups.

It’s understandable if an end user doesn’t bother to read all the notes that come with their device. If you sat down and read all the small print alluding to every piece of software, hardware and ‘important changes to your account’ you’d never get anything done. Your name would come up in HR crisis meetings.

There must be a creative solution to this. Surely it’s not beyond the wit and imagination of the IoT industry to devise some enforcement schemes. They owe it to us anyway. After all, if you are going to build a world run by machines, you shouldn’t make it easy for Dr Wannabe Evil to take it over.

There seem to be two options open to manufacturers, the Carrot and the Stick. Neither of them has been used yet, with device makers seemingly preferring to fall back on finger pointing. There must be ways to incentivise end users to make the effort.

Maybe vendors could bestow a prize on a random network or security manager who secured their network. Surely this would work as a marketing stunt too. Or maybe the vendor should try shock tactics, like the police use on homeowners. Perhaps they could randomly email network managers, saying, “we just tried hacking your router and noticed you’ve left it open.”

James Wickes, founder of community surveillance company Cloudview, is exactly the sort of person I’d expect to go for this carrot and stick approach. But he is having none of it.

“Rewarding people for changing their passwords is a bit much,” said Wickes, “you can only go so far with rewards and punishment and I’d hope that the recent spate of attacks would serve as a warning.”

Wickes advocates a kite mark for IoT security. “I believe that manufacturers have a responsibility to ensure the safety of the equipment they sell, just as car makers should ensure their cars are safe,” said Wickes.

Well, they don’t, and standards committees will never keep pace with cyber criminals. So, in the meantime, has anyone get any better ideas?

The author of this blog is Nick Booth, freelance IT and communications writer.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

RECENT ARTICLES

Blackline Safety sets new standard in connected worker safety with launch of G6

Posted on: September 26, 2022

San Diego, United States – Blackline Safety Corp., a global provider in connected safety technology, continues to trailblaze in the industrial worker safety market with the launch of a new connected wearable to transform single-gas detection. The all-new G6 personal gas detector – unveiled at the National Safety Council (NSC) Safety Congress & Expo in San Diego

Read more

Senet expands public LoRaWAN network across New York

Posted on: September 26, 2022

Portsmouth, United States – Senet, Inc., a provider of cloud-based software and services platforms that enable global connectivity and on-demand network build-outs for the Internet of Things (IoT) announced it is has expanded the build out of its public LoRaWAN network across all five boroughs of New York City. Through the combined operation of Senet’s

Read more
FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox