Researchers from F-Secure have revealed the passwords most frequently used to attack honeypots – decoy servers around the world, designed to attract the attention of would-be hackers.
Perhaps unsurprisingly, the first password most attackers tried was ‘admin’, with ‘default’, ‘123456’ and ‘root’ following close behind.
Hackers also tried ‘vivx’ – the default password for DVRs made by Chinese company Dahua, which are used in security camera systems worldwide. Other popular passwords included ‘1001chin’ and ‘[email protected]’, which are factory defaults for other devices, such as routers.
The vast majority of the attacks on F-secure’s honeypots were from bots and malware scanning for IP addresses. These attacks can come from any device with an internet connection, including PCs and laptops, but also smart devices like toothbrushes and household appliances.
It’s therefore not only important for businesses to change their devices’ default passwords, but for home users to take precautions and secure their smart home devices by reading privacy policies, changing logins from their factory settings, and disabling features they don’t need.
Secure your devices
Other steps you can take to secure smart devices include resetting your router’s name so its brand and model aren’t immediately obvious, and enabling two-factor authentication wherever possible.
It’s also important to make sure the device’s firmware is kept up to date, so you have any new security patches. Look for an option to enable automatic updates, and if you can’t find one, check the manufacturer’s website to make sure you have the most recent release installed.
You can read the researchers’ full findings in F-Secure’s report.