
[Image: Brian Krebs's reply with advice on protecting IoT devices]

The above picture is Brian Krebs responding with advice about protecting yourself from the IoT hacks. It's common advice given for protecting IoT devices from attacks like the Mirai botnet.

My question is, what does it mean? Supposedly the biggest category of devices compromised were webcams and DVR boxes. What does it mean to "change the password" of a DVR box? A webcam? Or any other IoT device (a coffee-maker password?). If I have a device that uses UPnP, where is its "password"? Those devices just plug in, and work. Never seen a coffee pot ask for credentials before.

WakeDemons3
  • I'd contact the manufacturer of these devices whenever it isn't clear or instructions aren't available online on how to change the credentials of each of these devices – psosuna Feb 01 '18 at 00:46
  • Just because they "just plug in, and work" doesn't mean that they are secure. Fundamentally, anyone else could "just plug in" the same device, to start with. In addition, some equipment enables additional functionality or test / debug features through another access method (often over a network). The credentials for all access methods should be secured so that the equipment resources are not made available to another who doesn't have your best interests at heart. (a webcam recording FOR a burglar, a coffee pot that never shuts off and burns down the house because: hacker, ... etc.) – Slartibartfast Feb 01 '18 at 00:58
  • You often can’t due to firmware limitations. – John Keates Feb 01 '18 at 01:12
  • who doesn't change the password on their security dvr? that's crazy... – dandavis Feb 01 '18 at 12:19
  • Problem is a lot of IoT devices have undocumented means of access, such as telnet with a weak root password. The much better solution is to keep them on an isolated network if at all possible. – AndrolGenhald Feb 01 '18 at 14:04

1 Answer


What does it mean by credentials

A lot of devices like this will have a main interface and a web interface, which you normally use to update the device or check status. This usually has a login, which uses the creds described above. Examples of devices like this I have seen left using default credentials:

  • Cameras
  • Printers
  • Routers / APs / Switches

The problem is that if someone can get to the admin interface they can configure the device to do whatever they like, or install backdoors, hence the advice to completely reset the device and start from a clean slate.

Part of the appeal of these devices is that they can be used in a plug-and-play way: you just connect to the WiFi and they work. The problem with this is that it is very easy to not change the default password.

jrtapsell
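One way to answer "where is its password?" for devices you own is to check which of the management services mentioned on this page (a web interface, telnet) each device accepts connections on. The following is an added example, not part of the original question or answer; the HTTPS and SSH ports and the device address in it are assumptions.

```python
"""Added example: list which management services your own devices expose."""
import socket

# Web interface and telnet are named on this page; HTTPS and SSH are assumptions.
ADMIN_PORTS = {22: "ssh", 23: "telnet", 80: "web admin (HTTP)", 443: "web admin (HTTPS)"}


def is_listening(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def find_admin_interfaces(hosts, ports=ADMIN_PORTS, timeout=1.0):
    """Map each host to the management services it accepts connections on."""
    report = {}
    for host in hosts:
        report[host] = [name for port, name in sorted(ports.items())
                        if is_listening(host, port, timeout)]
    return report


def summarize(report):
    """Turn the report into one advice line per device."""
    lines = []
    for host, services in report.items():
        if not services:
            lines.append(f"{host}: no management service on the checked ports")
            continue
        line = f"{host}: exposes {', '.join(services)}; check it for default credentials"
        if "telnet" in services:
            line += " (telnet: disable it or keep the device on an isolated network)"
        lines.append(line)
    return lines


if __name__ == "__main__":
    my_devices = ["127.0.0.1"]  # assumption: replace with addresses of devices you own
    for line in summarize(find_admin_interfaces(my_devices)):
        print(line)
```

A device that shows nothing on these ports may still have credentials set through a vendor app or cloud account, so an empty result is not proof that there is no password to change.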