Passwords have always been one of the simplest security methods, but the presence of default passwords in the IoT (Internet of Things) is very dangerous.

Many IoT devices come set up with a default password in place which is certainly a nice option, but when that default password is the same across the entire product range then it presents a major security flaw. Say, for example, you buy an IoT fish tank (yes, these actually exist) and it shares the same default password as all other IoT fish tanks in that product range, it’s not going to take much research to discover that password, is it? Sure, it’s just as easy to change the password, but how many people would think about adjusting security settings on a fish tank?

As more and more organizations are installing IoT devices, it’s a good idea to familiarize yourself with the dangers of default passwords and how to make your passwords more secure.

Default Passwords and their Dangers

It’s estimated that 15% of IoT device owners fail to change their default password, so it’s almost certain that all medium and large businesses have at least one employee with a susceptible IoT device. It’s partly laziness on the owners’ parts and it’s partly down to IoT technology being so new that people aren’t aware of the security risks. Nonetheless, it’s presenting a major security issue for organizations as hackers are taking full advantage of the situation.

Hackers are concentrating on the construction of malware which comes preloaded with huge lists of default passwords, so that breaking through defenses becomes that little bit easier and quicker. And this is exactly what happened when the Mirai botnet managed to infect nearly 185,000 IoT devices by exploiting default passwords. Default passwords are regularly being leaked and shared online, so the importance of changing these as soon as possible should be a paramount concern for organizations.

Protecting Against Default Passwords

If you want to improve the security on your IoT devices and protect the rest of your organization’s network, then you need to take note of the following tips:

  • Change the Password on a Protected Network: Before your IoT device is connected to the internet, make sure that it’s connected to an exclusive, protected network that cannot be accessed externally. This allows you to, first, test the device and, secondly, to change the password before it’s detected by IoT search engines such as Shodan. 
  • Run Regular Audits on All IoT Devices: Detecting and monitoring new devices on your network should become a priority. Any new and unknown devices to your network should instantly be blocked and an authentication process put in place. With this information you can then track down the device owner and ensure that any default passwords are changed before further access to the network is granted.
  • Don’t Use Admin as a Username: Admin is probably the most common username used in IT departments and hackers are well aware of this. Even if you’ve changed your default password to something highly cryptic, a simple username such as ‘admin’ instantly halves the amount of work a hacker has to do.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Hackers aren’t the only threat to the security of your organization’s Internet of Things (IoT), your employees can be just as culpable for security risks.

Let’s face it, the IoT is a relatively new phenomenon and, even though most of your employees will have smart devices at home, the majority of your workforce won’t be aware of the many security dangers. It’s this lack of knowledge which can lead to major security flaws which leave your network open to hackers and their accompanying chaos.

However, humans have a huge capacity for learning and if you can ingrain the basics of IoT security in the business culture, you’ll find that your employees are soon on top of things. And this knowledge can provide an extra layer of defense, so let’s take a look at how you can provide this.

Ban All Guest Access

Many organizations provide guest access to, at the very least, their Wi-Fi network so that visitors can check emails, liaise with their own staff and, more likely, check Facebook! However, whilst this is a generous gesture, it opens your network up to a whole host of security risks. If there’s a freely available guest network then it’s likely that everyone in your organization will know the password and it can be passed on to any visitors.

Now, you’re never going to know every single visitor to your company and, crucially, you’re never going to know how secure these visitors’ devices are. Therefore, it’s a highly dangerous move to allow your employees to grant free access to any section of your network. The simplest way to combat this and prevent bad security practices is to ban all guest access to your organization’s Wi-Fi. It may seem drastic, but it will really hammer home the security risk to your employees.

Improve the Password Culture

Passwords are one of the oldest forms of computer security, but they’re also one of the most effective. IoT devices, though, have a reputation for coming pre-loaded with highly weak default passwords, so the effort required to hack them is relatively low. Changing not only default passwords, but also regularly changing existing passwords remains a highly important task to secure your smart devices.

Your employees are likely to be highly busy, though, so changing their password will tend to fall down their list of things to do. This is where you, as an employer, need to ensure that regular reminders are sent out to your employees to indicate when passwords require changing. Ideally this should be between 6 – 12 weeks of the last password change and the best way to enforce this is by restricting access to applications if the password is not changed.

Whilst employees will initially grumble about having to change their password and remember a new one, these complaints will soon subside and employees will become compliant with the process.

Regular Training

As mentioned in my opening, the IoT is a new phenomenon and the collective knowledge of your employees will be limited. And that’s why you need to make sure that your staff are given regular training sessions on the importance of IoT security.

Ideally, the IT induction that all new starters take should include a section on IoT security; after all, almost of all your employees will bring a personal smartphone into work and, of course, certain employees will be issued with company laptops and smartphones, so the need for good security practices from the off are vital.

It may seem time consuming to complete inductions and regular refreshing training, but the enhanced knowledge among your workforce will ensure that your networks remain safe from the most simple (yet damaging) IoT security mistakes.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


The Internet of Things (IoT) can help run almost any device in use in your organization, but this also means you could be hacked by a fish tank.

This may sound highly unlikely, but this is exactly what happened to a North American casino and underlines just how vulnerable IoT devices are. It also demonstrates how every single IoT device, no matter how insignificant and harmless it may appear, is at risk. Hackers, after all, do not discriminate – if there’s a way to gain access to a network then they’ll exploit it.

As this is one of the more unusual attacks to have affected an IoT device, I’m going to take a closer look at it before advising you on a few tips to avoid getting hacked by a fish tank.

Hacking the Tank

The fish tank – which was situated in the unnamed hotel – had been installed with state of the art sensors which monitored and regulated factors such as water temperature, saline levels and release of food. Making devices such as these sensors compatible with IoT technology allows the tank to be controlled remotely, but this accessibility also opens up such IoT devices to the interests of hackers. Although the hotel had security measures in place, they were evidently not secure enough.

Many IoT devices lack advanced, internal security technology so any external security measures need to be as advanced as possible to pick up the slack. In this particular case, the fish tank’s sensors were hacked which allowed the hackers to transmit 10GB worth of data to a remote server based in Finland. The casino’s existing security tools were able to identify that data was leaking externally, but were unable to identify where from and where it was being transmitted to.

Thankfully, security experts Darktrace were able to pinpoint where the vulnerability was and were able to advise the casino to disconnect the fish tank sensors immediately. 10GB worth of data may not sound like a huge amount of data in this day and age, but when you consider the amount of personal and financial details a casino may hold, 10GB could cause a lot of concern for any patrons of the casino.

Securing IoT Devices

Being hacked through a fish tank is a highly embarrassing security flaw for any organization, so understanding how to secure IoT devices is paramount. Make sure you’re implementing the following security measures with IoT devices:

  • Change Default Passwords – Many IoT devices come preloaded with a default password and, by leaving this in place, you’re reducing the number of guesses and effort that a hacker needs to put into brute-force hacking the password. It’s estimated that around 15% of IoT device owners do not change this default password, so make sure you change this as soon as the device is installed.
  • Install Firmware – As I’ve previously mentioned, the security technology loaded onto IoT devices is sometimes sadly lacking. However, even worse than poor security software is outdated security software. And that’s why it’s crucial that any firmware updates are installed immediately to patch any potential vulnerabilities.
  • Separate Networks – The number of IoT devices operating in any one organization can easily run into the hundreds. Essentially, this means that there are hundreds of routes into your network and this could cause real chaos if just one device is breached. Therefore, penning off IoT devices into separate networks is a preventative step which can limit the reach of any hackers.

For more ways to secure and optimize your business technology, contact your local IT professionals.

 

Read More


The Internet of Things (IoT) relates to all those smart devices which can connect to your network and communicate with it, but how do you make the IoT safe?

We have smart devices not just at home, but also within our businesses and it’s no surprise to hear that it’s estimated up to 8.4 billion smart devices will be connected in 2017. Naturally, with such a huge number of devices accessing networks, it’s not surprise that they’re proving to be highly interesting to hackers.

As our business life is becoming more and more digital, the need for the IoT is increasing just as rapidly, that’s why I’m going to share 6 tips to keep the IoT secure.

1.  Understand What’s Connected

It’s important that you know which devices are regularly connected to your network. By understanding which devices offer a route into your network, you’re able to take preventative measures to help safeguard against any vulnerabilities. Make sure that a database is kept and regularly updated to include any new hardware so that you can fully understand the reach of your IoT.

2.  Keep IoT Devices on a Separate Network

If one of your IoT devices is compromised by a hacker then this represents a threat to everything on that network, so it’s important that you segment all your IoT devices onto a separate network. In the event of an IoT device being hacked you can then limit the data on offer to the hacker.

3.  Don’t Leave Devices Connected for Longer than Necessary

It’s impossible to hack a smart device which isn’t plugged in, so to completely minimize the risk it’s highly recommended that smart devices are disconnected from the network when they’re not being used. This is a good security practice that needs to be communicated to all employees as anything can be hacked be it a printer or a webcam.

4.  Always Install Firmware Updates

As with any other piece of hardware or software, firmware updates for smart devices need to be installed as soon as possible. Not many people are aware of the security risks associated with smart devices, so firmware updates are often ignored – this is why hackers are starting to target them more and more often. So, once you see that update request, make sure you click it.

5.  Limit Personal Device Usage

99.9% of the population appears to have a smartphone, so this means that almost all of your employees will be bringing a smart device to work every day. And, to ensure that they can keep up to date with Facebook, they’ll be piggybacking onto your company WiFi to create an internet connection. Therefore, it’s important that you limit personal device usage or, at least, create a sign in method which uses company email addresses. 

6.  Password Protect Everything

Finally, you must make sure that you password protect every single smart device within your business. As previously mentioned, it’s easy to assume that a printer is never going to get hacked, but it happens. By establishing a set of passwords (all different of course) for all your smart devices you’re putting that extra layer of defense in front of your business. And the more defenses you have, the less attractive your network becomes to hackers.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


It’s easy to talk about the IoT (Internet of Things) security issues in theory, but what actually happens when the IoT gets hacked?

Understanding exactly what happens when IoT devices get hacked and how they get hacked is crucial in helping to protect your organization. Knowledge, of course, isn’t a cast iron guarantee you will avoid be hacked, but it certainly puts you in a much stronger position.

Let’s take a look at four real life examples of the IoT being hacked.

Unsecured University IoT

Verizon’s Data Breach Digest 2017 report details the example of an unnamed university where the network was flooded with Domain Name Service (DNS) requests for seafood restaurants. Whilst it sounds like a student prank, it was actually an outside attack by hackers which used 5,000 IoT devices such as vending machines and lighting systems. The hack was achieved through a brute force attack which took advantage of weak passwords so that malware could be deployed and bring the university’s network to a standstill.

IoT Cameras Hacked

The popular IoT security camera range – NeoCoolCam – has been found to contain a major security flaw which means that they can easily be hacked from outside the network they’re on. Given the security nature of the devices, these cameras can easily be compromised for unauthorized surveillance or even as a stepping stone to get even deeper into a network. Researchers at Bitdefender have found that all it takes is for the easily accessible login screen to be manipulated in order to take control of any of the 100,000+ cameras currently in use.

The Mirai Botnet

Poor password management is one of the biggest flaws in data security and the Mirai botnet certainly takes advantage of this. A piece of malware which infects network devices running on Linux, Mirai instructs these devices to constantly search the internet for vulnerable IoT devices. The fatal flaw contained within these IoT devices is that their factory set default username and passwords have not been changed. As Mirai is loaded with a list of these default details, it’s able to quickly take control of these devices and Mirai was even involved with an attack on Liberia’s internet infrastructure.

Hacking a Jeep

Perhaps the most disturbing and dangerous example of IoT devices being hacked is the case of a Jeep Cherokee 4×4 vehicle being compromised. Security researchers Charlie Miller and Chris Valasek were able to identify a zero day exploit which allowed them to send instructions to the vehicle through its entertainment system. Not only did this provide them with the opportunity to remotely change the in-car temperature, they could also influence the vehicle’s steering and braking systems. All it required was knowledge of the individual vehicle’s IP address to take control.

All four of these examples demonstrate just how far behind that IoT device manufacturers are when it comes to the security of their devices. Naturally, the manufacturers have a lot to do to ensure that their devices are safe from the moment they’re installed, but the owners of these devices also need to be mindful of good password practices.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More