Using strong, unique passwords (opens in new tab) for all of your online accounts and devices is often recommended as the best way to keep them secure but what if your devices don't have any password at all?
Unfortunately this is often the case with many smart devices (opens in new tab) according to new research from Avira's IoT research team which found that 34 percent of all cyberattacks on connected devices occur because no password credentials are set at all.
When launching IoT (opens in new tab) attacks, cybercriminals focus on a known vulnerability in a smart TV, smart camera or other connected device and try different username/password combinations in order to gain entry into the device.
- We've built a list of the best password managers (opens in new tab) around
- These are the best endpoint protection software (opens in new tab) solutions on the market
- Also check out the best business password management software (opens in new tab)
However, the “blank input fields” combination is significantly higher than the number of attacks with other popular username/password combinations which suggests that many smart device manufacturers are leaving these fields empty and therefore, easily crackable by hackers.
Smart device credentials
Security researchers at Avira used honeypots as a means of acquiring the data needed for their latest investigation. Honeypots (opens in new tab) are often used in the fight against cyberattacks as they allow researchers to attract hackers to uncover their latest techniques and preferred targets.
Manager of Avira's Protection Labs and IoT Research Lab, Imran Khan explained in a press release that blank credentials (opens in new tab) are even more common than using 'admin' as a password, saying:
"The most common credentials used by IoT attacks consist of a blank field. We found this via the Avira smart device honeypot. At the same time, this means that the attackers or their automated scripts do not enter a username or password to access the device. A blank password is even more common than the “admin” password.”
To secure smart devices, Avira recommends first trying to connect them to a PC in order to change their insecure default password (opens in new tab) to a more secure one though this won't necessarily work on every device. Users can also check for firmware updates online to fix any known vulnerabilities or problems with their devices. Finally, users should secure their network by scanning for any open ports that could attract uninvited hackers.
- We've also highlighted the best antivirus (opens in new tab)