As per the recent reports, a list of IP addresses and login credentials for more than 8,000 telnet-accessible Internet of Things (IoT) devices was posted on Pastebin. GDI Foundation chairman Victor Gevers mentioned that out of 8,233 devices only 144 has different login credentials. He also mentioned that the common credentials are root:[blank] (782 instances), admin:admin (634), root:root (320), admin:default (21), and default:.
Varonis technical evangelist Brian Vecci told that a leak as big as this one opens the door to a wide variety of infections and exploits. “Not only do consumers need to be mindful of what they put on their network and do what they can to secure their devices, but manufacturers have an obligation to make security an essential part of the design with IoT products,” he said.
Vecci said that defaults settings is an open invitation for attackers.
“Device manufacturers need to build better security into the design of their products and services to ensure that even if a consumer doesn’t take the time to customize the device, it’s not accessible and inviting abuse,” Vecci added. “Some manufacturers, for example, are beginning to minimize the risk of devices being hacked by randomizing factory default credentials and disabling remote access by default.”
As per the recent Irdeto survey, 90 percent mentioned that the cyber security should be inbuilt in IOT devices.
“Today’s connected world needs consumers to be vigilant about security threats,” Irdeto director of IoT security Mark Hearn said in a statement. “On the device manufacturer side, there must be a better ‘defense-in-depth’ approach to cyber security that integrates multiple layers of security into a system. This approach, combined with ongoing security updates to protect against the latest threats, is critical to mitigate attacks targeting IoT technologies.”
New IoT Cybersecurity Improvement Act of 2017 was introduced in the US to tackle security issues.
“My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products,” bill co-sponsor Sen. Mark Warner said at the time.
____________________________________________________________________________________________
Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.