OCT 22, 2021
Why your IoT devices may be vulnerable to malware
SEP 08, 2021
Only 33% of users surveyed by NordPass changed the default passwords on their IoT devices, leaving the rest susceptible to attack.
You may make a concerted effort to protect your computers and network with strong passwords and robust security. But what about your Internet of Things devices? A new survey from password manager NordPass reveals that many IoT devices are saddled with their default passwords, making them an open target for cybercriminals.
In a survey of 7,000 people across Australia, Canada, France, Germany, the Netherlands, the UK and the United States, NordPass found that only 33% of users changed the default passwords on their IoT devices. The rest continued to use such built-in passwords as "admin" or "123456." Such simple passwords are easy to hack, paving the way for malware and other types of cyberattacks.
Beyond sticking with the default passwords, many users failed to properly secure their IoT devices in other ways. Among the respondents, only 36% changed the default password on a router, only 20% added a VPN to a router, and just 13% said they chose to buy IoT devices based on strong security features or not buy devices based on weak security features.
Over the past few years, the lack of proper IoT security has led to a variety of incidents in which cybercriminals actively hit devices with default or weak passwords. In 2012, the Carna botnet targeted routers with default passwords or no passwords. This attack scooped up information about IPv4 addresses, leading to a detailed image of the internet.
In 2016, the Remaiten malware infected Linux-based routers by brute-forcing default username and password combinations. After infecting a device, Remaiten managed to launch distributed denial-of-service attacks and download additional malware. And in 2017, the BrickerBot malware tried to log into IoT devices with weak security as a way to run malicious commands designed to disable them.
"Many people think that most IoT devices don't hold that much personal data compared to laptops or smartphones," NordPass security expert Chad Hammond said in a press release. "However, it's important to protect IoT devices, too."
To help you properly secure your IoT devices, NordPass offers the following tips: