Stuxnet Worm Shows Persistence Of Default Password Vulnerability
The fast-moving Stuxnet worm targets Siemens industrial automation controls via default passwords, yet Siemens recommends that customers not change those passwords. Not a Siemens customer? You're not off the hook. Default passwords may well be more of an issue at your company than you know.
The fast-moving Stuxnet worm targets Siemens industrial automation controls via default passwords, yet Siemens recommends that customers not change those passwords. Not a Siemens customer? You're not off the hook. Default passwords may well be more of an issue at your company than you know.Evidently the Stuxnet worm's vector of choice is USB sticks, but its target is Siemens industrial process control software.
Doing so, it turns out, could throw the Siemens systems into chaos.
Why a hard-coded default password that has been publicly known (at least to the part of the public that goes to default password boards and listings) for years can't be changed even after a compromise as serious as Stuxnet is between Siemens and its customers.
But default passwords are hardly exclusive to Siemens, and if you haven't done an audit of your company's systems and whether or not any of them are running factory-installed passwords, now's the time.
This this one through and check on all possible default passwords that might be lingering in your workplace.
Not just the wireless routers and other devices that tend to be the first defaults we think of, but also any password-required device that came with a password in-place. Smart networked copiers, for instance -- and don't forget to see whether the manufacturer put a "hidden" default password in place for ease of service technician access.
Change those defaults right away.
Default passwords are a vulnerability you can do something about very easily -- unless of course you're a Siemens customer.
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of September 18, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."