Safer Harbor

Helping companies navigate the treacherous waters surrounding IT security and secure product development

You NEED to be Santa’s (and your family’s) Cyber-Helper


The odds are very good that someone in your family got an Internet-connected device this holiday season.  This year, in addition to the old staples such as routers and tablets, your family members may be getting cameras (to watch people steal their Amazon and Google Express deliveries), thermostats, sprinkler controllers, crock pots, internet-connected refrigerators, etc.

 

And virtually all of them come with a default password.  And virtually all of those are well known, and bad.

 

So help Santa this year by making sure that when you give an internet-connected thing, you also give the instructions for securing the device and changing the default password and account.  If you didn’t give the gift, but are called on as your family’s Tech Support guru, help out with these simple tips.

 

1) Change the default credentials (username, password) that come with the device.

 

     Username: admin
     Password: admin

 

is so Twentieth Century.  Find the Administrative or User sections of the device UI and change the default credentials (the username and password).  But be sure your family member stores the new credential info in a safe place, such as a Password Vault application – not on a yellow Post-It note…

 

2) For WiFi Access Points or WiFi routers:
     – Change the SSID to something unique.  Good examples:
          – notyourwifi
          – mumblefratz (unless that’s your name)
          – NSA Surveillance Van — OK, not original, but good for a laugh…
          – To be even more secure, avoid the top-1000 most-common SSIDs – WPA2 uses the SSID as the salt when it derives the network key from the password, and hackers have pre-computed millions of passwords for these common names, making it easier to break into the network:
               https://wigle.net/stats

 

     Your favorite college or pro team name, or really any unique string of letters and numbers is fine.  Do not use the equipment vendor’s name (linksys, netgear, …) because that may help someone identify a list of possible bugs and exploits more easily.  I also don’t use my name or my family’s names – while your neighbors all know this info, the drive-by bad guy doesn’t need to have this information easily accessible.

 

     – Use the strongest security option available.  Use WPA2 Personal (possibly listed as WiFi Protected Access)
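
Why a unique SSID matters, as an added example (not part of the original post): WPA2 Personal derives the network key from the passphrase with the SSID as the salt, so a table pre-computed for a common SSID does not apply to a unique one. The function names and the `COMMON_SSIDS` sample are constructed for illustration; the vendor names come from the device list on this page.

```python
import hashlib

# Constructed sample; the real top-1000 list is published at https://wigle.net/stats
COMMON_SSIDS = {"linksys", "netgear", "default", "dlink", "home", "wireless"}
# Vendor names taken from the device list on this page
VENDOR_NAMES = ("linksys", "netgear", "trendnet", "asus", "d-link", "dlink")


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2 Personal key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8-63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_ssid(ssid: str, family_names=()) -> list:
    """Return the reasons an SSID is a poor choice (empty list means it passes)."""
    findings = []
    lowered = ssid.lower()
    if lowered in COMMON_SSIDS:
        findings.append("common SSID: precomputed tables may exist")
    if any(vendor in lowered for vendor in VENDOR_NAMES):
        findings.append("reveals equipment vendor")
    if any(name.lower() in lowered for name in family_names if name):
        findings.append("contains a family name")
    return findings


if __name__ == "__main__":
    # Same passphrase under two SSIDs: the derived keys are unrelated, so work
    # done in advance against "linksys" says nothing about "mumblefratz".
    for ssid in ("linksys", "mumblefratz"):
        key = wpa2_pmk("correct horse battery", ssid)
        print(f"{ssid:12} {key.hex()[:16]}...  {audit_ssid(ssid) or 'ok'}")
```

A unique SSID only removes the precomputation shortcut; the passphrase itself still has to be long and unguessable.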

 

I’ve created an initial list of some popular connected Things and have provided information on the latest firmware/software version and a pointer to the manual.  Help your family, help your friends, help your neighbors.  Update their firmware/software, set a good administrative username/password, update their SSID and get them off-and-running with their new gear.  You’ll be a hero – and most likely cut down on the follow-on calls for support in the New Year…

 

| Manufacturer | Model | Latest Firmware Version | Instructions |
| --- | --- | --- | --- |
| Linksys | WRT1900AC | | http://downloads.linksys.com/downloads/userguide/1224701614608/MAN_WRT1900AC_8820-01897_RevA00_EN_FR-CA_Comprehensive.pdf |
| Linksys | EA9200 (AC3200) | Ver.1.1.5 (Build 164615) – Dec. 16, 2014 | http://downloads.linksys.com/downloads/userguide/1224702983045/MAN_EA9200_LNKPG-00172_RevB00_CA.pdf |
| Linksys | E1200 NP | Hardware version 1.0: Ver.1.0.04 (Mar 26, 2014); Hardware version 2.0/2.2: Ver.2.0.06 (Build 6) (Aug 28, 2013) | http://downloads.linksys.com/downloads/userguide/E_Series_UG_E900Rev_3425-01486_Web.pdf |
| Linksys | EA6350-4A | Ver.1.0.3 (Build 160602) (Aug 4, 2014) | http://downloads.linksys.com/downloads/userguide/UserGuide.pdf |
| Linksys | EA6900 | Ver.1.1.42 (Build 161129) (May 30, 2014) | http://downloads.linksys.com/downloads/userguide/1224699372213/MAN_EA6900_8220_01617A00_Userguide_EN.pdf |
| Linksys | EA6500 | Hardware version 2.0: Ver.1.1.40 (build 160989) (May 30, 2014); Hardware version 1.0: Ver.1.1.29 (Build 162351) (July 31, 2014) | http://downloads.linksys.com/downloads/userguide/EA-Series_UG_Full_3425-00125D_EN_FR-CA_Web.pdf |
| TrendNet | AC1750 (TEW-812DRU) | Version 1.0R: 1.0.13.0 (Aug 19, 2014); Version 2.xR: 2.0.8.0 (Sept 10, 2014) | Ver 1.0R: http://www.trendnet.com/asp/download_manager/inc_downloading.asp?iFile=21868 ; Ver 2.xR: http://www.trendnet.com/asp/download_manager/inc_downloading.asp?iFile=23528 |
| Asus | RT-AC68U | Version 3.0.0.4.376.3626 (Nov 14, 2014) | Ver E9183: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-AC68U/E9183_RT_AC68U_Manual.zip |
| Asus | RT-AC87U | Version 3.0.0.4.376.2769 (Sept 22, 2014) | Ver E9689: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-AC87U/E9689_RT_AC87U_Manual.zip |
| D-Link | AC1750 (DIR-510L) | Ver 1.04.B01 (Oct 07, 2014) | ftp://ftp2.dlink.com/PRODUCTS/DIR-510L/REVA/DIR-510L_REVA_MANUAL_1.00_EN.PDF |
| Netgear | N900 (WNDR4500) | 1.0.0.54 | http://www.downloads.netgear.com/files/GDC/WNDR4500V2/WNDR4500v2_UM_25Aug2014.pdf |
| Netgear | Nighthawk X6 (AC3200) | 1.0.1.16 | http://www.downloads.netgear.com/files/GDC/R8000/R8000_UM_24July2014.pdf |
| Apple | AirPort Extreme A1521 | Ver 7.7.3 | http://manuals.info.apple.com/MANUALS/1000/MA1644/en_US/airport_extreme_80211ac_setup.pdf |
| Western Digital | MyNet N900 | 1.07.16 (May 2013) | http://www.wdc.com/wdproducts/library/?id=334&type=25 |
| Nest | Learning Thermostat | Version 4.3.3 (Nov 17, 2014) | https://nest.com/support/article/A-step-by-step-guide-to-setup-on-the-Nest-Learning-Thermostat |
| Honeywell | Lyric Thermostat | 1.1.9.3 (?) (Sept 2014) | https://www.forwardthinking.honeywell.com/related_links/thermostats/03-00112_Lyric_Trade_FAQ-JJ.pdf (FAQ and info on routers supported, power requirements, etc.) |
| Dropcam | | | http://support.dropcam.com/entries/21661697-How-do-I-set-up-my-new-camera- |

 

We can make the connected world safer, because as you’ll see in the links below, the bad guys are out there.

 

Please comment on this post and add pointers to other devices that you – or your family – received.  Let’s all help each other.

 

I hope that you are having a very happy holiday season!

 

http://abcnews.go.com/WNT/video/russian-website-hacks-nanny-cams-baby-monitors-27068822?tab=9482931&section=1206833&linkId=10713998

 

 

http://www.infotechlead.com/2014/11/26/symantec-predictions-2015-smart-homes-the-next-big-target-26826?linkId=10756443

 

This entry was posted on December 25, 2014 in Internet of Things, Security Awareness.