
Lots of dots

Per this article at Tofino (http://bit.ly/1gJA0yu) and Bob Radvanovsky:

  • over 1,000,000 ICS/SCADA devices connected to the Internet discovered so far
  • discovering approximately 5,000 new ICS/SCADA connected devices/day

Device types include, but are not limited to:

  • manufacturing/production control systems
  • medical devices
  • traffic management systems
  • traffic light control/traffic cameras
  • HVAC & building management systems
  • security/access control to include video/audio surveillance
  • data radios

And, to keep it interesting, these were also found connected to the Internet:

  • off-road mining trucks
  • crematoriums

In many cases, a web interface is enabled with default credentials in place.

I believe 1,000,000 is only a fraction of Internet-connected embedded/ICS/SCADA devices and that the rate of growth of new connections is way faster than anything that we saw in the PC days.

 

Default Passwords

Why is it important to change default passwords on hardware, applications, and other systems? Because the passwords are published and, in effect, not passwords at all. A few responses from Googling ‘default passwords’:

And there’s plenty more.

Lesson:

Default password = No password