What is the one vulnerability that almost everyone has that will allow a hacker to infiltrate our life and cause havoc? I can tell you.

by Joshua Moses

What is the one vulnerability that almost everyone has that will allow a hacker to infiltrate our life and cause havoc?

You.

We all have done it, we receive a gift during the holidays or we just go out and buy it for ourselves because it is the newest thing out on the market. Or perhaps you are just adding a new device to your current home network.

It could be a speaker that allows you to give it commands, play music and order things off the internet or it could be a doorbell camera, wireless router or baby monitor that utilizes wireless connectivity. These devices have been marketed as “Plug and Play” devices to help the consumer in their ease of setup once they get it out of the box. You just open it up, plug the power into the wall and there you go… instant connectivity. But has anyone taken the time to ask the question, “What are we giving up to get such an easy to use device?”

Well I’m glad you asked. I’m going to tell you.

I have nearly 20 years of experience in Cybersecurity, working in nearly every field that Information Security has to offer. Yes, I was a hacker. I enjoyed poking my nose into places where it did not belong just because I knew that I could. I started back when we had to use a telephone modem to dial into a server to gain access. Back then there weren’t passwords, merely telephone numbers to dial into assuming that if you had the number… you were authorized to access that particular system. Eventually enough of us were connecting to systems that we had not been allowed access to and then passwords were added. The proverbial brick wall that only slowed us down.

Things have certainly changed since then. Technology has progressed at blinding speed and we find ourselves in the middle of a world that questions whether it could survive without the internet if some sort of event caused a worldwide outage. Payments couldn’t be processed, reservations couldn’t be made and OMG!! We wouldn’t be able to access YouTube! The agony!

So getting back to that device that has been sold to just take it home and plug it in. The problem with that is that there are tools and actual websites that someone can go to that actually scans IP addresses and looks for open ports or vulnerabilities and collects that information in a manner that can be searched.

What I am saying is that if you go buy a device that is even made to help secure your network, like a wireless router/firewall combination and plug it in at home directly to your broadband connection and start using it… you have opened yourself and everyone else in your network to hackers.

A hacker can go to a website like Shodan and scan for open ports or certain models of router/firewall combinations and receive a report with a list of IP addresses that match their search results. If you didn’t change the password of that router/firewall combo when you plugged it in, the hacker can lookup the documentation of that particular device and login to it using the default username and password found in the user guide. From there they can invade your privacy, steal your information and do it because you basically left the back door unlocked. We see stories in the news all the time about families that suddenly hear a strange voice talking to them over their security system or baby monitor and wonder how that is possible. Well now you know.

So how do we address this? Folks it’s simple, just take the time to read the configuration manual and CHANGE THE PASSWORD before using the device. Anything that connects directly to the internet has an option to configure a password. You are not only protecting yourself, but everyone else also.

Who knows, maybe we could lobby congress and mandate some change.

Coming soon: Adding extra security with multi-factor authentication

I wrote some stuff. I am 1 part leader, 2 parts nerd, 2 parts single father, 1 part world traveler… too many parts?