Below is a link to a good place to start.
The article has links to more info.
Various 'things' connected to the internet (mostly web cams) got infected with malware because the default username and password was never changed. Of course the bad guys know those defaults.
Many of those 'things' also allow communication over the internet via SSH and/or Telnet. The default username and password for SSH or Telnet access to the device might be (1) different than the username and password for the web interface and (2) hardcoded in the firmware in the device.
https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
This is the big takeaway that needs to be addressed right now if the Internet of Things is to continue:
Quote:
“The issue with these particular devices is that a user cannot feasibly change this password,” Flashpoint’s Zach Wikholm told KrebsOnSecurity. “The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist.”
As far as I'm concerned, the super minor convenience being offered by internet-connected household appliances and gadgets like Thermostats, Washing Machines, Refrigerators and such are vastly outweighed by the potential pitfalls of security holes like this. DVRs and Wifi enabled TVs are another story given how much of that content is delivered and accessed via the internet now, but the same concerns still remain. The companies who make these products really need to be held responsible for selling vulnerable products.
The 'big picture' scary thing is the devices (web cams, etc) that are infected with the malware are (1) still infected, (2) still conected to the internet, (3) still unfixable and (4) the malware in the devices can be told anytime to do more harm.
There are components in those products that have firmare that (1) allows access to the component from anywhere on the planet via telnet, (2) has telnet turned 'on' and (3) includes a default username and password hardcoded in the firmware. The bad guys and gals know those defaults and the SOL enduser has no way to change the firmware.
some but not all web cameras can be flashed with new firmware. anyone who wants to try should check out the manufacturers site. also if the camera is attached to a pc and the internet via broadband modem and is more than likely usb then a second router can be installed and the camera plugged into that router, this would make the camera invisible to the internet....it is a bit tricky to do so you need to search the web for info but it can be done..also this method can be used to extend the range of any broadband modem/router and eliminate blind spots in your home...information is available on the web..
addendum this site might help
http://lifehacker.com/how-to-extend-your-wi-fi-network-with-an-old-router-915783308
ha... i just reread this article and I guess I made a boo boo...usb and ethernet are not one and the same so you would need another pc ...my bad
further info: this will still work to hide your pc and anything attached to it by using an older router attached to your broadband modem via ethernet or even wireless.....your isp provider may have restrictions on such an arrangement....and then again since I have done this once ......
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Disclosure: As an Amazon Associate NWHikers.net earns from qualifying purchases when you use our link(s).