CISA urges tech makers: Ditch default passwords for safer devices!

December 19, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has asked technology device manufacturers to eliminate default passwords because of the threats posed by IRGC actors. Default passwords make it easier for attackers to gain access to devices and exploit them for nefarious purposes.

Threat actors recently targeted critical infrastructure in the United States and succeeded in exploiting it. They gained access by exploiting static default passwords.

Based on recent and continuing threat activity, CISA is issuing an alert to require all technology manufacturers to remove default passwords from all product designs, releases, and updates. Evidence has shown that it is insufficient to rely on consumers to change their passwords, and action by technology manufacturers is necessary to effectively address the threats.

To address the problem of default passwords, manufacturers are urged to:

  • Provide instance-unique setup passwords with the product.
  • Establish time-limited setup passwords that require activation of more secure authentication methods, including phishing-resistant MFA, and disable themselves after the setup process.
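
The two recommendations above can be sketched as follows. This is an added example, not code from CISA or the original article; `provision_unit`, `SetupGate`, the 15-minute window, and starting that window at first boot are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SETUP_WINDOW_SECONDS = 15 * 60  # assumed value; the article gives no figure


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def provision_unit():
    """Factory step: one random password per unit, printed on its label.

    Returns (label_password, device_record); the device keeps only salt + hash.
    """
    password = secrets.token_urlsafe(12)
    salt = secrets.token_bytes(16)
    return password, {"salt": salt, "hash": hash_password(password, salt)}


class SetupGate:
    """First-boot login gate (hypothetical device-side logic)."""

    def __init__(self, record, now=time.time):
        self._record = record
        self._now = now
        self._deadline = now() + SETUP_WINDOW_SECONDS  # window starts at first boot
        self._disabled = False

    def login_with_setup_password(self, candidate):
        if self._disabled or self._now() > self._deadline:
            self._disabled = True  # stays off once expired or setup is complete
            return False
        expected = self._record["hash"]
        actual = hash_password(candidate, self._record["salt"])
        return hmac.compare_digest(actual, expected)

    def complete_setup(self, mfa_enrolled):
        """Retire the setup password only after stronger auth is enrolled."""
        if self._disabled or not mfa_enrolled:
            return False
        self._disabled = True
        self._record = None  # erase the verifier; nothing left to guess against
        return True
```

Because each unit's password is random and the gate shuts itself off, a password learned from one device or from a manual is useless against any other unit, and useless against the same unit once setup is finished or the window has lapsed.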

Manufacturers should also ensure that design and development teams engineer products with built-in security and safety by default.

This request by CISA highlights the importance of maintaining strong security measures and regularly updating passwords to prevent unauthorized access to critical infrastructure systems. It also emphasizes the need for manufacturers to take responsibility for the security of their devices and eliminate default passwords.
