Default Admin Accounts - Change 'em, Change 'em now!
- Brian Lechner
- Jul 31, 2020
- 2 min read
As the number of devices connected to the internet increases, so does the number of devices that can be exploited by cyber criminals. You can mitigate this risk by changing the default device admin password, the default Wi-Fi password and ensuring all devices are on the most recent firmware release.
Surprisingly, this issue is not unique to consumers, many businesses have devices on their networks which still have default accounts assigned to them. Default accounts are easily found by a simple Google search. Sites such as Datarecovery.com post listings of known default accounts for hundreds of network devices.
In the home, every device that connects to the internet will have a default administrative account setup. Be it a router, modem, TV, doorbell camera… you name it, and there is a default account that MUST be changed.
So, what’s the big deal? The big deal is that if a cyber criminal gains access to your router, they can watch everything you do on the internet. They would have access to your home Wi-Fi network, which in turn gives them access to your computer, phone, printers, tablets, etc.
A survey done by Brodbandgenie.co.uk in 2018 revealed that 82% of respondents have NEVER changed administrator passwords on their Wi-Fi routers. This is concerning. I have no doubt there are millions of Wi-Fi routers in the U.S. that are vulnerable due to defaults not being changed.
Changing the default password, and in some cases the default administrator account name, is not difficult. In fact, these instructions usually come with the device. Also, instructions on changing default passwords on most devices can be found on-line as mentioned previously.
In a similar survey, Broadbandgenie found that nearly 48% of those surveyed didn’t change default settings because they didn’t know why they’d need to. In addition, 51% said they’ve never done anything to secure any of their internet facing devices.
As the IoT (Internet of Things) continues to grow, so must educating people on the importance of securing their devices. There are some manufacturers that are starting to force admin password changes during device setup and that auto-update when new firmware is available; this is a huge step in the right direction. But, until all devices feature some kind of forced security setup, this will unfortunately continue to be a vulnerability that could easily be mitigated if everyone understood the importance of locking their devices down.
How to change admin password on popular routers:
Additional Reading:
Comments