Blame is an ugly word, but sometimes the truth hurts. At least, that’s where the news and investigation into last week’s large-scale DDoS attack have been taking us. While the full blame for the attack rests squarely on the shoulders of the perpetrators, there’s another group that carries some responsibility for what happened: consumers.
Specifically, it’s consumers who purchased IoT-connected devices and then thought “password” might be a good password on their accounts. The first logic failure was the assumption that “no one is going to hack into my Wi-Fi-enabled toaster.” But the bigger danger is this: if you poll the average newbie-level tech user about password security and hacking, they’ll answer with something like, “I use an easy password because no one would bother guessing that one. They’ll think I’m too smart to use a word like that.”
Seriously. TechBeat interviewed someone two weeks ago about why he’d used “password1” as his online banking password. He went on to explain that hackers would never guess that one while breaking into his account because they’d think it was too obvious. (Yes, too many people have never heard of easily obtained software that can produce tens of millions of password guesses per second.)
The accounts that hackers seemingly used to flood websites like Twitter, Reddit, CNN, and many more last Friday appear to have been hijacked IoT accounts, according to one Chinese manufacturer that has now recalled several of its products due to vulnerabilities. Many of those accounts lacked a strong, unique password, according to the company. It’s somewhat understandable that you might not think to use a strong password on a kitchen appliance (as if someone is going to hack your crock pot and cook you dinner), but why would someone not think to use a strong password on their webcam?
Here’s where using a lazy, repetitive password has come to affect the rest of us. Before this type of cybertactic, if you were foolish enough to use “123123” on your Facebook account, well, that was pretty much your problem. Thanks to the ever-evolving world of IoT, though, your simpleton of a password can now impact millions of people. Passwords must be both strong and unique in order to protect your accounts, and to protect the rest of us.