Safer Harbor

Helping companies navigate the treacherous waters surrounding IT security and secure product development

You NEED to be Santa (and your family’s) Cyber-Helper


The odds are very good that someone in your family got an Internet-connected device this holiday season.  This year, in addition to the old staples such as routers and tablets, your family members may be getting cameras (to watch people steal their Amazon and Google Express deliveries), thermostats, sprinkler controllers, crock pots, internet-connected refrigerators, etc.


And virtually all of them come with a default password.  And virtually all of those are well known, and bad.


So help Santa this year by making sure that when you give an internet-connected thing, you also give the instructions for securing the device and changing the default password and account.  If you didn’t give the gift, but are called on as your family’s Tech Support guru, help out with these simple tips.


1) Change the default credentials (username, password) that come with the device.


     Username: admin
     Password: admin


is so Twentieth Century.  Find the Administrative or User sections of the device UI and change the default credentials (the username and password).  But be sure your family member stores the new credential info in a safe place, such as a Password Vault application – not on a yellow Post-It note…


2) For WiFi Access Points or WiFi routers:
     – Change the SSID to something unique.  Good examples:
          – notyourwifi
          – mumblefratz (unless that’s your name)
          – NSA Surveillance Van — OK, not original, but good for a laugh…
          – To be even more secure, avoid the top-1000 most-common SSIDs – hackers have pre-computed millions of passwords for these, making it easier to break into the network.


     Your favorite college or pro team name, or really any unique string of letters and numbers is fine.  Do not use the equipment vendor’s name (linksys, netgear, …) because that may help someone identify a list of possible bugs and exploits more easily.  I also don’t use my name or my family’s names – while your neighbors all know this info, the drive-by bad guy doesn’t need to have this information easily accessible.


     – Use the strongest security option available.  Use WPA2 Personal (possibly listed as WiFi Protected Access).
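
Why the SSID advice above matters, as an added example that is not part of the original post: WPA2 Personal derives the network key from the passphrase with the SSID as the salt, so tables pre-computed for a common SSID do not apply to a unique one. The SSID lists and the passphrase are small constructed samples, and `review_ssid` is a hypothetical helper.

```python
import hashlib

# Constructed samples for illustration, not a real top-1000 list.
COMMON_SSIDS = {"linksys", "netgear", "default", "home", "wireless"}
VENDOR_NAMES = ("linksys", "netgear", "trendnet")


def wpa2_pmk(passphrase, ssid):
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt, 4096, 32)


def review_ssid(ssid):
    """Hypothetical helper: return a list of concerns about an SSID choice."""
    findings = []
    lowered = ssid.lower()
    if lowered in COMMON_SSIDS:
        findings.append("common SSID: pre-computed key tables may already exist for it")
    if any(vendor in lowered for vendor in VENDOR_NAMES):
        findings.append("reveals the equipment vendor")
    return findings


if __name__ == "__main__":
    passphrase = "correct horse battery"  # constructed sample passphrase
    for ssid in ("linksys", "mumblefratz"):
        key = wpa2_pmk(passphrase, ssid).hex()
        # Same passphrase, different SSID: the derived key is unrelated.
        print(f"{ssid:12} PMK={key[:16]}...  findings={review_ssid(ssid)}")
```

The same passphrase yields an unrelated key under each SSID, which is why a table built for `linksys` is useless against `mumblefratz`.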


I’ve created an initial list of some popular connected Things and have provided information on the latest firmware/software version and a pointer to the manual.  Help your family, help your friends, help your neighbors.  Update their firmware/software, set a good administrative username/password, update their SSID and get them off-and-running with their new gear.  You’ll be a hero – and most likely cut down on the follow-on calls for support in the New Year…


Manufacturer | Model | Latest Firmware Version | Instructions
EA9200 (AC3200) | Ver.1.1.5 (Build 164615) – Dec. 16, 2014
E1200 NP | Hardware version 1.0: Ver.1.0.04 (Mar 26, 2014); Hardware version 2.0/2.2: Ver.2.0.06 (Build 6) (Aug 28, 2013)
Ver.1.0.3 (Build 160602) (Aug 4, 2014)
EA6900 | Ver.1.1.42 (Build 161129) (May 30, 2014)
EA6500 | Hardware version 2.0: Ver.1.1.40 (build 160989) (May 30, 2014)
Hardware version 1.0: Ver.1.1.29 (Build 162351) (July 31, 2014)
TrendNet | AC1750 (TEW-812DRU) | Version 1.0R: (Aug 19, 2014); Version 2.xR: (Sept 10, 2014)
Ver 1.0R: 2.xR:
Version (Nov 14, 2014) Ver E9183:
(Sept 22, 2014)
Ver E9689:
AC1750 (DIR-510L) | Ver 1.04.B01 (Oct 07, 2014)
Netgear | N900 (WNDR4500)
Nighthawk X6 (AC3200)
Apple | AirPort Extreme A1521 | Ver 7.7.3
Western Digital | MyNet N900 | 1.07.16 (May 2013)
Nest | Learning Thermostat | Version 4.3.3 (Nov 17, 2014)
Honeywell | Lyric Thermostat | (?) (Sept 2014)
FAQ and info on routers supported, power requirements, etc.


We can make the connected world safer, because as you’ll see in the links below, the bad guys are out there.


Please comment on this post and add pointers to other devices that you – or your family – received.  Let’s all help each other.


I hope that you are having a very happy holiday season!




This entry was posted on December 25, 2014 in Internet of Things, Security Awareness.