Not too long ago, an article on BitDefender caught my eye. Titled “California’s ban on weak default passwords isn’t going to fix IoT security,” it explained how default passwords are a problem with the Internet of Things (IoT), but they’re not the problem. In fact, author Graham Cluley went so far as to say, “It also won’t address other problems such as IoT devices with weak or non-existent encryption, or internet-enabled technology which has no updating infrastructure if a vulnerability is found in the future.”
Cluley mentioned the Mirai botnet attack on Dyn’s DNS service and how default passwords are at least partly to blame for the ease with which the Mirai code took control of an army of IoT devices.