The Dyn DNS attack that happened last year is the largest distributed denial of service (DDoS) attack on record, simply because of the sheer number of connected devices involved and the number of businesses that were impacted by it. The Mirai malware, responsible for this attack, compromised hundreds of thousands of connected devices with default IoT passwords to blast an estimated 1.2 terabits of data per second. And this was not Mirai’s first rampage. Security journalist Brian Krebs’s website was taken down by Mirai exactly a month before the Dyn DNS attack.

Mirai means ‘the future’ in Japanese. Mirai is open-source, and the code has been published on hacker forums so that it can be used in various other malware attacks.

So, what were the interconnected devices exploited? Our baby monitors, IP cameras, DVRs and such. And why? Because we didn’t bother to change the default passwords, or were just too lax in setting up a strong password. This was what helped Mirai create a massive botnet in the first place.

Stupidest IoT passwords

In a lighter vein, here are the 10 stupidest passwords to have on interconnected devices to help malware bots like Mirai run amok and have fun, destroying businesses.

  1. admin
  2. password123
  3. 123456
  4. 111222
  5. admin1234
  6. password
  7. 1111111
  8. system
  9. 888888
  10. default

Strong IoT passwords

IoT devices like IP surveillance cameras and routers are mostly fix-and-forget devices, meaning we may not log in to such systems every now and then and change passwords, like we do on our laptops and workstations. Follow these simple tips to strengthen your passwords on IoT devices:

  1. Unique password — choose a password that’s different from your banking, email or any other commonly used services
  2. Password length — at least 12 characters
  3. Characters — have a mix of capital letters, special characters and numbers
  4. No to phrases — knightrider, even if written as Kn1ghtR!d3r, is crackable with powerful cracking tools
  5. No dictionary words — the obvious!
  6. Password clues — don’t just write down the password list (e.g. Smart refrigerator — Kn1ghtR!d3r, IP cam — f00dJunK!3, etc). Have password clues so that only you can recollect the password
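
The tips above can be turned into a checker. This is an added example, not part of the original article: it flags a candidate password that is one of the ten listed above, breaks the length or character-mix tips, or turns into dictionary words once common substitutions are undone. The names `audit_password`, `SAMPLE_WORDS` and `LEET` are hypothetical, and the wordlist is a small constructed sample.

```python
import re

# The ten passwords listed in this article.
WEAK_DEFAULTS = {"admin", "password123", "123456", "111222", "admin1234",
                 "password", "1111111", "system", "888888", "default"}

# Constructed sample wordlist; a real audit would load a full dictionary.
SAMPLE_WORDS = {"knight", "rider", "knightrider", "food", "junk", "junkie",
                "admin", "password", "system", "default", "camera"}

# Common character substitutions, undone before the dictionary check.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "!": "i", "@": "a", "$": "s"})


def normalize(password):
    """Lower-case, undo the substitutions, drop whatever is still not a letter."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))


def is_word_sequence(text, words):
    """True if text is entirely a concatenation of words from the list."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return reachable[len(text)]


def audit_password(password, words=SAMPLE_WORDS):
    """Return the tips from the list above that the password violates."""
    problems = []
    if password.lower() in WEAK_DEFAULTS:
        problems.append("known default")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = [r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("missing capital, number or special character")
    plain = normalize(password)
    if plain and is_word_sequence(plain, words):
        problems.append("dictionary word or phrase after undoing substitutions")
    return problems
```

An empty list means the password passed every check; a device password that returns anything else should be replaced.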

With the Internet of Things (IoT) devices poised to reach a staggering 50 billion devices by 2020, we cannot afford to have our devices become a part of a botnet just because we didn’t bother to have a stronger password. Think.


Originally published at deviceforward.com.