Exposed Passwords Expose Access to Dozens of Apartment Buildings
A default password shipped in a widely used door access control system allows anyone to easily and remotely access door locks and elevator controls in dozens of buildings across the U.S. and Canada, a security researcher found. The vulnerability is rated as a 10 out of 10 on the vulnerability severity scale due to its ease of exploitation. Hirsch, the company that owns the Enterphone MESH system, has refused to fix the bug, citing its design and customers' failure to change the default password.
- The widespread adoption of default passwords in internet-connected devices highlights a broader issue with security best practices, where companies prioritize convenience over user safety.
- What steps should governments take to regulate or incentivize technology makers to adopt more secure default settings for their products?