There’s been chatter about yet another botnet starting to form using insecure IoT devices. Many of these are hacked because users never bother to change the default password, which is definitely bad behavior, but it’s also a cop-out by the vendors. The real problem is faulty design.
Simply put, there is no reason to ship a device with a common (or easily derived) default password. Better vendors generate a unique password for each device prior to shipping. As long as it’s not directly derivable from the device ID, that’s not too bad, though it can cause support issues when, after a factory reset, the consumer has lost the removable sticker and is locked out of their device. Support can sometimes tell them what the password is, which means they’re all stored in a database somewhere, and that kind of renders the whole system moot.
The best option is to ship a device in an inactive/nonfunctional/setup state and require the user to create a password during the initial configuration. After a factory reset, they’re again prompted to enter a new password – just like we have to do after wiping a smartphone. So why do vendors still ship with common default passwords? Maybe it’s cost cutting or lazy programmers & designers, or who knows what else, but in the end, it reflects a lack of secure thinking at the vendor.
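The setup-state design described above, sketched as an added example that is not from the original post or any vendor's firmware. The `Device` class, the minimum length, the short list of refused defaults and the PBKDF2 work factor are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample of well-known defaults to refuse at setup (not exhaustive).
COMMON_DEFAULTS = {"admin", "password", "12345678", "default", "changeme"}
MIN_LENGTH = 8            # assumed minimum length
PBKDF2_ROUNDS = 100_000   # assumed work factor; tune to the device's CPU

class SetupRequired(Exception):
    """Raised when a service is requested before the owner has set a password."""

class Device:
    """Hypothetical device model: no credential exists until the owner creates one."""
    def __init__(self):
        self._salt = None
        self._hash = None  # nothing is provisioned at the factory

    @property
    def in_setup(self):
        return self._hash is None

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def set_initial_password(self, password):
        # Only reachable in the setup state, so it cannot replace an owner's password.
        if not self.in_setup:
            raise PermissionError("already configured; factory reset first")
        if len(password) < MIN_LENGTH or password.lower() in COMMON_DEFAULTS:
            raise ValueError("password too short or a known default")
        self._salt = os.urandom(16)
        self._hash = self._derive(password, self._salt)

    def login(self, password):
        if self.in_setup:
            raise SetupRequired("device has no password yet")
        return hmac.compare_digest(self._derive(password, self._salt), self._hash)

    def serve(self, password):
        # Every network-facing function passes through this gate.
        if not self.login(password):
            raise PermissionError("bad credentials")
        return "ok"

    def factory_reset(self):
        # Wipe the credential rather than restoring a default: back to the setup state.
        self._salt = self._hash = None
```

Because only a salted hash is kept and nothing is set at the factory, there is no password for support to look up and none for a reset to fall back to.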
So here’s something to ponder as you go into the holiday shopping season and start looking for new gadgets. If the manufacturer can’t be troubled to provide a system for secure setup, they probably don’t have a system for secure updates either. And if they can’t do either of those, just how secure do you think the rest of the device is? Do you really want that on your home network?