Many networks can be attacked because of their IoT devices and the device’s default passwords. We have discussed this before and there are recommendations to have all IoT devices on their own separate network as well as updating their default passwords. Pen testers are well aware of this habit, of users not changing their default passwords, and the utilize a tool called Shodan to help them. Daniel Miessler via his website danielmiessler.com has a great tutorial that shows how easy it is for people to use Shodan to find clients that may have default passwords.
Shodan and the Lack of Power of Default Passwords
Published
cybersqueeze 