Properly protecting Internet-of-Things devices by changing their default password is among the top recommendations from security experts. More and more users abide by this basic principle, but data from Bitdefender BOX units suggests that they discriminate between connected systems, using better login passwords on some than on others.
Statistics from about 2,000 BOX units running in North America showed 50% of IoT gadgets identified as printers had a weak password. This could indicate that the owners never bothered to replace the factory access credentials or they chose a password that could be cracked easily.
Over time, printing systems have morphed into specialized computers that can receive commands over the web. They are part of the home network and make for as valid an attack vector as any other connected device. Leaving these machines unprotected is as dangerous as leaving other connected devices without protection.
Two years ago, a hacker gave the world a glimpse of how printers could serve personal interests. He scanned the web for insecure devices and commanded them to spew a racist and anti-semitic flier. At least 20,000 machines printed the message in colleges, universities and offices across the US. Another hacker last year instructed at least 160,000 public-facing devices to release custom messages.
Unauthorized printing is prank-level trouble, but an attacker could do a lot more harm. Access to documents and manipulating print jobs are likely risks that have been demonstrated by security researchers; jumping the fences deeper into the network and attacking other connected systems is also a potential threat.
At the other end of the weakly-protected IoT spectrum are IP cameras and network attached storage (NAS) equipment. The information received through Bitdefender BOX shows that 5 percent of home gadgets recognized as connected cameras are defended by insecure passwords. Even fewer NAS systems, 0.2 percent, were in this state.
The discrepancy in applying basic defenses for IoT gadgets may suggest that users consider some devices more prone to attack than others because of the data they handle. Media reports on security research and attacks focused on the more widespread IoT devices is also a plausible reason for this preferential approach.
A webcam is a window into your home, and its compromise would directly impact your privacy. A NAS device contains personal files that can be accessed over the network, so someone gaining unauthorized entry to the data could get a glimpse of your private life. Plenty of vulnerabilities have been found in this type of gadget and they’ve received widespread coverage in the press, making users aware of the threat they posed.
However, there is no room for half measures when securing the devices in your home. Using a good password to protect access to the administration panel of IoT devices reduce drastically your network’s susceptibility to a large type of attacks, discouraging attempts from less skilled attackers. Cutting direct access from the internet to the device where not needed reduces the risk of compromise even more.
Poor device protection was noticed by security companies early on, prompting the development of dedicated solutions that warn and protect users against weak spots. Bitdefender BOX casts its defense net across all IoT devices on the home network; it reports those with insecure passwords, highlights vulnerable gadgets and blocks exploitation attempts.
tags
September 06, 2024
September 02, 2024
August 13, 2024