Following the news about "Hackers Test Stolen Emails W/IoT Devices" (stories in The WSJ, PYMNTS, and Krebs on Security), IT security experts from Rubicon Labs and STEALTHbits, including Rod Schultz, commented below.
Rod Schultz, VP of Product at Rubicon Labs:
“Experts may have known about vulnerabilities in the networking protocols that were exploited for over 10 years, but the world has understood the dangers of a virus for over a century. Connect a device to a network and you must model that device as a biological entity. History has shown that certain biological viruses have catastrophic impact on society, and now that we are connecting billions of devices to a network it’s time everyone understands that the same thing is going to happen to digital things. Technological progress must be coupled with advances in security. Devices require unique credentials and identities that will create a more diverse attack surface and go a long way toward preventing this style of viral attack on our expanding digital world.”
Brad Bussie, CISSP, Director of Product Management at STEALTHbits:
“The main problem facing the Internet of Things stems from the common vulnerability known as the default password. How many devices do consumers purchase that have a default username and password that are never changed? Many internet routers, cable boxes and other devices connected to the internet all have default profiles used for configuration. The intention is for the end users to change the default password or to even create another user account once the device setup is complete, but most devices do not enforce this activity. So what are we left with? Millions of devices with admin and password as the only login information that an attacker needs. Gone are the days where simply being behind a firewall that’s set to deny most incoming traffic means a protected device.
“Hackers have databases with massive username and password combinations, and these databases grow bigger every day and with each data breach. In order to get in front of this wave crashing down on the Internet of Things, device manufacturers need to enforce a username/password change the first time a device is configured, and promote uniqueness for both.”