The high risk of default passwords
Recent news has highlighted that foreign state actors are exploiting home, small business and large enterprise routers in an effort to gain cyber-war and espionage advantages. These devices are also targeted by criminal rings, so there is no shortage of bad actors looking to compromise critical network infrastructure. The security services of the UK and the USA have recently issued warnings and technical alerts on this topic.
Quick Summary: Default passwords are bad. Immediately change the default password on your router. NOW, please.
Way too many network-connected devices have default passwords, and users often do not change them during deployment. For instance, if you have a TDS or Windstream supplied modem/router, the odds are very high it has a simple default password set on it. I know, I’ve been in many, many homes and you are all surprised when I can log onto your home router and adjust settings without having to ask you for the login info.
This is incredibly dangerous, as that means that an infected tablet or set-top box can just as easily log into the router and make changes that are extremely bad for your security. I’ve personally witnessed a Windstream router get re-infected in under 60 seconds once reconnected to the network with an infected set-top box. It was redirecting the primary address resolution service (DNS) to locations that could pose as your financial services and other important sites, and get you to supply those credentials without you being aware they were being harvested.
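One way to spot the DNS redirection described above from a computer on the network, as an added example that is not part of the original post: it parses resolv.conf-style text and flags any resolver outside a list you approved. The sample text and the `APPROVED` list are constructed assumptions; substitute your own resolvers.

```python
import ipaddress

# Constructed sample of resolv.conf-style text (documentation addresses only).
SAMPLE_RESOLV_CONF = """\
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
; nameserver 198.51.100.7 (commented out, must be ignored)
options timeout:2
"""

# Assumption: the resolvers you deliberately configured for this network.
APPROVED = ["192.168.1.1", "fe80::/10", "9.9.9.9"]


def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers


def unexpected_resolvers(text, approved):
    """Return nameservers that are malformed or outside the approved set."""
    nets = [ipaddress.ip_network(a, strict=False) for a in approved]
    flagged = []
    for value in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(value.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            flagged.append(value)  # not an IP address at all: treat as suspect
            continue
        if not any(addr.version == n.version and addr in n for n in nets):
            flagged.append(value)
    return flagged


if __name__ == "__main__":
    for server in unexpected_resolvers(SAMPLE_RESOLV_CONF, APPROVED):
        print("unexpected DNS resolver:", server)
```

This only catches a changed resolver that the router hands out to clients. If the router still lists itself as the resolver and only its upstream DNS setting was altered, that has to be checked on the router's own admin page.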
Then, many devices, such as security cameras, have multiple logins, including some used for support that are widely known to humans and to malware. These are often infected when they are exposed to the Internet (so you can see video while away), or via local malware.
So it is important that ALL your network-connected devices have unique logins YOU define and set up. No defaults, ever.
Start with your ISP router and make sure it has a unique password. Write it down and keep it in a safe place.
Then for every WiFi or network-connected device, make sure there is a unique password used to manage it.
And even if you have a third-party router in front of the ISP modem/router, you should still change the default password on the ISP device. Just look up the make and model of the ISP modem/router to find where to go to change that.
Since so many of you have IQrouters, I can say that by design, it has unique passwords, as it forces those to be configured during setup. It also protects against many types of attack, including the aforementioned DNS one. It was actually an IQrouter that prevented that customer from having a more serious issue, as the IQrouter detected an upstream DNS attack and stopped resolving addresses.
That said, care should always be taken with all your network gear, and for those looking for further protection, there are other security devices that can be deployed to help mitigate network-borne attacks. For instance, I use a Cujo AI security appliance to protect my outbound traffic, as I have over 60+ network-connected devices, and even though I know what I’m doing, this is added protection against ever-evolving threats. But it is a much more complicated network setup.
Bottom line: networks are important to modern life, and should be set up and cared for to ensure they not only operate well, but are also safe.