WQ6N
Occasional Visitor
I was thinking of a past exploit where the hard drives internal to printers and copiers where harvested for the information. What initiated this thought was the fact that I was getting ready to return a router to be replaced. Seeing literally hundreds or more of boundary devices being turned in with VPN and Wifi credentials still in the NVRAM the presents low hanging fruit for harvesting. Extending the imagination to government (city, county, state, or federal) personnel, businesses, health industry and just about anyone in one of the nations 18 DHS critical sectors.
We know that humans rarely change Wifi or VPN pass phrases. Even fewer use two factor authentication. Anyone of these Wifi routers presents a foothold if one is turned in without removing those credentials. I know that I am personally sensitive to this as a victim of a data breach.
So "they" may have harvested Admin, Wifi and VPN credentials. How many people use those same credentials on their other platforms. "Keys to the Kingdom". I am not sure how secure the hash is, but I have used the Rainbow Tables in the past and they are pretty darn good.
This could be the story for any device in the Internet of Things (IoT).
Was wondering if anyone else had similar concerns....
We know that humans rarely change Wifi or VPN pass phrases. Even fewer use two factor authentication. Anyone of these Wifi routers presents a foothold if one is turned in without removing those credentials. I know that I am personally sensitive to this as a victim of a data breach.
So "they" may have harvested Admin, Wifi and VPN credentials. How many people use those same credentials on their other platforms. "Keys to the Kingdom". I am not sure how secure the hash is, but I have used the Rainbow Tables in the past and they are pretty darn good.
This could be the story for any device in the Internet of Things (IoT).
Was wondering if anyone else had similar concerns....
