\u003c/div>\n\u003ch2>The smart home device Achilles heel: Using default passwords\u003c/h2>\n\u003cp>The prevalence of Internet of Things devices that ship with default passwords is nothing new. Research by \u003ca href=\"http://blog.ptsecurity.com/2017/06/practical-ways-to-misuse-router.html\">Positive Technologies\u003c/a> from 2017 showed that default passwords to 15 out of 100 IoT devices had never been changed. While not the majority, that’s certainly a large chunk of the \u003ca href=\"https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/\">26 billion\u003c/a> smart things devices out in the wild. The hacker is presumed to be inspired by the botnet \u003ca href=\"https://arstechnica.com/information-technology/2017/04/brickerbot-the-permanent-denial-of-service-botnet-is-back-with-a-vengeance/\">BrickerBot\u003c/a>, which plagued smart devices back in 2017. Both Silex and BrickerBot before it rely on default login credentials to gain control.\u003c/p>\n\u003cp>The danger associated with most of the devices around us having guessable passwords is obvious. So much so that, \u003ca href=\"https://techcrunch.com/2018/10/05/california-passes-law-that-bans-default-passwords-in-connected-devices/\">in 2018\u003c/a>, California banned hardware from shipping with guessable logins like “password” and “123456.” The law also required that device makers force users to change a device’s built-in password upon setup.\u003c/p>\n\u003ch2>How to prevent Silex from ruining your devices\u003c/h2>\n\u003cp>The Silex malware relies on guessing your device’s user name and password. Since this malware is so new, it may be a while before your smart device issues a fix for the hack. So what can you do in the meantime?\u003c/p>\n\u003cp>“If users buy a device with standard, hard coded credentials, the best thing they can do is change the username and password for the device as quickly as possible,” says Tendermint’s director of security Jesse Irwin, a former staffer at the popular password management app 1Password.\u003c/p>\n\u003cp>The good news is that changing your device’s default admin password may help prevent an attack against the Silex malware. The bad news: all devices are not created equal. Changing the admin password on \u003ca href=\"https://superuser.com/questions/1290848/how-do-you-change-the-password-of-an-iot-device-like-a-dvr\">a DVR\u003c/a> may be more difficult than changing it on \u003ca href=\"https://www.lifewire.com/how-to-change-your-wireless-routers-admin-password-2487652\">a router\u003c/a>, for example.\u003c/p>\n\u003cp>Irwin notes that when trying to figure out the default username and password on an Internet-connected device, there are a few places people should look. Manufacturers often print usernames and passwords stickers to put on devices, or they include the information in user guide or setup instructions.\u003c/p>\n\u003cp>“If a device’s credentials cannot be changed, there are deeper technical measures that can be taken,” says Irwin. “But if you are not able to take care of those things on your own, return it.” The great thing about the booming market for connected devices, is that there are almost always other, safer options for available, she adds.\u003c/p>\n\u003ch3>\u003cspan style=\"font-weight:400;\">More must-read stories from \u003c/span>\u003ci>\u003cspan style=\"font-weight:400;\">Fortune\u003c/span>\u003c/i>\u003cspan style=\"font-weight:400;\">:\u003c/span>\u003c/h3>\n\u003cp>\u003cspan style=\"font-weight:400;\">—The fall and rise of VR: The struggle to \u003c/span>\u003ca href=\"http://fortune.com/longform/virtual-reality-struggle-hope-vr/\">\u003cspan style=\"font-weight:400;\">make virtual reality get real\u003c/span>\u003c/a>\u003c/p>\n\u003cp>\u003cspan style=\"font-weight:400;\">—“It’s just lazy”: Current’s CEO on Facebook \u003c/span>\u003ca href=\"http://fortune.com/2019/06/20/facebook-logo-calibra-current/\">\u003cspan style=\"font-weight:400;\">Calibra’s similar logo\u003c/span>\u003c/a>\u003c/p>\n\u003cp>\u003cspan style=\"font-weight:400;\">—Slack went public \u003c/span>\u003ca href=\"http://fortune.com/2019/06/20/slack-stock-ipo-dpo-direct-listing/\">\u003cspan style=\"font-weight:400;\">without an IPO\u003c/span>\u003c/a>\u003cspan style=\"font-weight:400;\">. Here’s how a direct offering works\u003c/span>\u003c/p>\n\u003cp>\u003cspan style=\"font-weight:400;\">—Welcome to the next generation of\u003c/span> \u003ca href=\"http://fortune.com/2019/06/19/corporate-phishing-scams/\">\u003cspan style=\"font-weight:400;\">corporate phishing scams\u003c/span>\u003c/a>\u003c/p>\n\u003cp>\u003cspan style=\"font-weight:400;\">—Listen to our new audio briefing, \u003c/span>\u003ca href=\"http://fortune.com/radio/\">\u003ci>\u003cspan style=\"font-weight:400;\">Fortune\u003c/span>\u003c/i>\u003cspan style=\"font-weight:400;\"> 500 Daily\u003c/span>\u003c/a>\u003c/p>\n\u003cp>\u003cspan style=\"font-weight:400;\">Catch up with\u003c/span> \u003ca href=\"https://cloud.newsletters.fortune.com/fortune/nloptin?nl=DATA_SHEET&source=LinkStack\">\u003ci>\u003cspan style=\"font-weight:400;\">Data Sheet\u003c/span>\u003c/i>\u003c/a>\u003cspan style=\"font-weight:400;\">, \u003c/span>\u003ci>\u003cspan style=\"font-weight:400;\">Fortune\u003c/span>\u003c/i>\u003cspan style=\"font-weight:400;\">‘s daily digest on the business of tech.\u003c/span>\u003c/p>\n"},"children":[]}]}]},{"name":"dianomi","config":{"type":"footer"},"children":[]},{"name":"recirculation","config":{"heading":"You May Like"},"children":[{"name":"content-list-item","config":{"title":"Sass as a Strategy: How Netflix’s Twitter Became Just as Entertaining as Its Shows and Movies","permalink":"https://fortune.com/2019/04/05/netflix-social-media-strategy/","hasVideo":false,"themeName":"recirculation","isNativoTout":true,"eyebrowLabel":"Entertainment","eyebrowLink":"https://fortune.com/section/entertainment/"},"children":[{"name":"image","config":{"aspectRatio":0.5515695067264574,"attachmentId":2601499,"alt":"twitter-netflix-sassy-account","caption":"Netflix's social media presence takes on a sassy persona that's unique for most streaming companies.","crops":[],"height":1920,"imageSize":"recirculation","lazyload":true,"lqipSrc":"https://content.fortune.com/wp-content/uploads/2019/04/twitter-netflix-sassy-account.jpg?quality=60&resize=60,33","postId":2598489,"retina":true,"showCaption":false,"sources":[{"default":true,"transforms":{"resize":[223,123]},"descriptor":223}],"sourceTags":[],"src":"https://content.fortune.com/wp-content/uploads/2019/04/twitter-netflix-sassy-account.jpg","srcset":"https://content.fortune.com/wp-content/uploads/2019/04/twitter-netflix-sassy-account.jpg?resize=446,246 446w,https://content.fortune.com/wp-content/uploads/2019/04/twitter-netflix-sassy-account.jpg?resize=223,123 223w","url":"https://content.fortune.com/wp-content/uploads/2019/04/twitter-netflix-sassy-account.jpg","useBasicImg":false,"usingDataFallback":false,"width":2880,"fallbackImageUrl":"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7","picture":false,"sizes":"223px"},"children":[]}]},{"name":"content-list-item","config":{"title":"Former GE CEO Jeff Immelt: To Combat Costs, CEOs Should Run Health Care Like a Business","permalink":"https://fortune.com/2019/04/03/jeff-immelt-health-care/","hasVideo":true,"themeName":"recirculation","isNativoTout":false,"eyebrowLabel":"Health","eyebrowLink":"https://fortune.com/section/health/"},"children":[{"name":"image","config":{"aspectRatio":0.5515695067264574,"attachmentId":2600134,"alt":"Former GE CEO Jeff Immelt speaking at the 2019 Fortune Brainstorm Health conference in San Diego.","caption":"Former GE CEO Jeff Immelt speaking at the 2019 Fortune Brainstorm Health conference in San Diego.","crops":[],"height":1364,"imageSize":"recirculation","lazyload":true,"lqipSrc":"https://content.fortune.com/wp-content/uploads/2019/04/40566226573_e0c5ababf1_k.jpg?quality=60&resize=60,33","postId":2600115,"retina":true,"showCaption":false,"sources":[{"default":true,"transforms":{"resize":[223,123]},"descriptor":223}],"sourceTags":[],"src":"https://content.fortune.com/wp-content/uploads/2019/04/40566226573_e0c5ababf1_k.jpg","srcset":"https://content.fortune.com/wp-content/uploads/2019/04/40566226573_e0c5ababf1_k.jpg?resize=446,246 446w,https://content.fortune.com/wp-content/uploads/2019/04/40566226573_e0c5ababf1_k.jpg?resize=223,123 223w","url":"https://content.fortune.com/wp-content/uploads/2019/04/40566226573_e0c5ababf1_k.jpg","useBasicImg":false,"usingDataFallback":false,"width":2048,"fallbackImageUrl":"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7","picture":false,"sizes":"223px"},"children":[]}]},{"name":"content-list-item","config":{"title":"For Edie Falco, an ‘Attitude of Gratitude’ After Surviving Breast Cancer","permalink":"https://fortune.com/2019/04/03/edie-falco-attitude-gratitude/","hasVideo":true,"themeName":"recirculation","isNativoTout":false,"eyebrowLabel":"Health","eyebrowLink":"https://fortune.com/section/health/"},"children":[{"name":"image","config":{"aspectRatio":0.5515695067264574,"attachmentId":2600182,"alt":"Actor Edie Falco, with Thrive Global CEO Arianna Huffington, at the 2019 Fortune Brainstorm Health conference in San Diego.","caption":"Actor Edie Falco, with Thrive Global CEO Arianna Huffington, at the 2019 Fortune Brainstorm Health conference in San Diego.","crops":[],"height":1365,"imageSize":"recirculation","lazyload":true,"lqipSrc":"https://content.fortune.com/wp-content/uploads/2019/04/47532413271_be1a461cf8_k.jpg?quality=60&resize=60,33","postId":2600160,"retina":true,"showCaption":false,"sources":[{"default":true,"transforms":{"resize":[223,123]},"descriptor":223}],"sourceTags":[],"src":"https://content.fortune.com/wp-content/uploads/2019/04/47532413271_be1a461cf8_k.jpg","srcset":"https://content.fortune.com/wp-content/uploads/2019/04/47532413271_be1a461cf8_k.jpg?resize=446,246 446w,https://content.fortune.com/wp-content/uploads/2019/04/47532413271_be1a461cf8_k.jpg?resize=223,123 223w","url":"https://content.fortune.com/wp-content/uploads/2019/04/47532413271_be1a461cf8_k.jpg","useBasicImg":false,"usingDataFallback":false,"width":2048,"fallbackImageUrl":"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7","picture":false,"sizes":"223px"},"children":[]}]},{"name":"content-list-item","config":{"title":"Ghosn Back, Tesla Drop, Boeing Report: CEO Daily for April 4, 2019","permalink":"https://fortune.com/2019/04/04/ghosn-arrest-tesla-drop-boeing-ethiopia-ceo-daily-for-april-4-2019/","hasVideo":true,"themeName":"recirculation","isNativoTout":false,"eyebrowLabel":"Leadership","eyebrowLink":"https://fortune.com/section/leadership/"},"children":[{"name":"image","config":{"aspectRatio":0.5515695067264574,"attachmentId":2600313,"alt":"FRANCE-SOCIAL-LABOUR-ECONOMY-RENAULT","caption":"Renault CEO Carlos Ghosn waits for the French President to arrive for a visit of the Renault factory in Maubeuge northeastern France on Nov. 8, 2018.","crops":[],"height":3312,"imageSize":"recirculation","lazyload":true,"lqipSrc":"https://content.fortune.com/wp-content/uploads/2019/04/gettyimages-1059133394.jpg?quality=60&resize=60,33","postId":2600311,"retina":true,"showCaption":false,"sources":[{"default":true,"transforms":{"resize":[223,123]},"descriptor":223}],"sourceTags":[],"src":"https://content.fortune.com/wp-content/uploads/2019/04/gettyimages-1059133394.jpg","srcset":"https://content.fortune.com/wp-content/uploads/2019/04/gettyimages-1059133394.jpg?resize=446,246 446w,https://content.fortune.com/wp-content/uploads/2019/04/gettyimages-1059133394.jpg?resize=223,123 223w","url":"https://content.fortune.com/wp-content/uploads/2019/04/gettyimages-1059133394.jpg","useBasicImg":false,"usingDataFallback":false,"width":4969,"fallbackImageUrl":"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7","picture":false,"sizes":"223px"},"children":[]}]},{"name":"content-list-item","config":{"title":"Elon Musk’s Plan to Boost Tesla Sales Is Dealt a Setback","permalink":"https://fortune.com/2019/04/04/elon-musk-tesla-q1/","hasVideo":false,"themeName":"recirculation","isNativoTout":false,"eyebrowLabel":"Autos","eyebrowLink":"https://fortune.com/section/autos/"},"children":[{"name":"image","config":{"aspectRatio":0.5515695067264574,"attachmentId":2600362,"alt":"Xinhua Headlines: Tesla breaks ground on gigafactory in Shanghai","caption":"Elon Musk's plan to boost Tesla sales has run into a roadblock. ","crops":[],"height":693,"imageSize":"recirculation","lazyload":true,"lqipSrc":"https://content.fortune.com/wp-content/uploads/2019/04/gettyimages-1079242950.jpg?quality=60&resize=60,33","postId":2600349,"retina":true,"showCaption":false,"sources":[{"default":true,"transforms":{"resize":[223,123]},"descriptor":223}],"sourceTags":[],"src":"https://content.fortune.com/wp-content/uploads/2019/04/gettyimages-1079242950.jpg","srcset":"https://content.fortune.com/wp-content/uploads/2019/04/gettyimages-1079242950.jpg?resize=446,246 446w,https://content.fortune.com/wp-content/uploads/2019/04/gettyimages-1079242950.jpg?resize=223,123 223w","url":"https://content.fortune.com/wp-content/uploads/2019/04/gettyimages-1079242950.jpg","useBasicImg":false,"usingDataFallback":false,"width":1024,"fallbackImageUrl":"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7","picture":false,"sizes":"223px"},"children":[]}]},{"name":"content-list-item","config":{"title":"Joe Biden, Netflix Pregnancy Lawsuit, Lesley McSpadden: Broadsheet April 4","permalink":"https://fortune.com/2019/04/04/joe-biden-netflix-pregnancy-lawsuit-lesley-mcspadden-broadsheet-april-4/","hasVideo":true,"themeName":"recirculation","isNativoTout":false,"eyebrowLabel":"MPW","eyebrowLink":"https://fortune.com/section/mpw/"},"children":[{"name":"image","config":{"aspectRatio":0.5515695067264574,"attachmentId":1929391,"alt":"","caption":"","crops":[],"height":1455,"imageSize":"recirculation","lazyload":true,"lqipSrc":"https://content.fortune.com/wp-content/uploads/2017/02/mpw-revised-logo-2-42.png?quality=60&resize=60,33","postId":2599806,"retina":true,"showCaption":false,"sources":[{"default":true,"transforms":{"resize":[223,123]},"descriptor":223}],"sourceTags":[],"src":"https://content.fortune.com/wp-content/uploads/2017/02/mpw-revised-logo-2-42.png","srcset":"https://content.fortune.com/wp-content/uploads/2017/02/mpw-revised-logo-2-42.png?resize=446,246 446w,https://content.fortune.com/wp-content/uploads/2017/02/mpw-revised-logo-2-42.png?resize=223,123 223w","url":"https://content.fortune.com/wp-content/uploads/2017/02/mpw-revised-logo-2-42.png","useBasicImg":false,"usingDataFallback":false,"width":2520,"fallbackImageUrl":"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7","picture":false,"sizes":"223px"},"children":[]}]}]}]}]}]}},"componentData":{},"error":null,"loading":false,"player":{"currentTime":0,"duration":0,"loading":false,"playing":false,"seek":0,"src":"","visible":false,"volume":0.5},"route":{"status":200,"redirectTo":false,"action":"PUSH","pathname":"/2019/06/26/silex-malware-hack-iot-internet-of-things-smart-device-fix-how-to-prevent/","search":"?","hash":""},"visible":{"search":false,"primaryNav":false,"freestar":false},"contactForm":{"submitting":false,"submitted":false,"failed":false,"validation":{},"redirect":""}};

Skip to Content

‘Silex’ Malware Renders Internet-of-Things Devices Useless. Here’s How to Prevent It

A new malware known as Silex is bringing smart devices to their knees.

The Silex malware, according to ZDNet, ruins smart devices by gaining access to and destroying a device’s storage, eliminating its firewall and removing its network configuration. From here, the device stops working.

Silex was reportedly created by a 14-year-old hacker who goes by the pseudonym Light Leafon, according to ZDNet. The malware went unknown until it was spotted by Larry Cashdollar, a security exploit researcher, on Tuesday. “It’s using known default credentials for IoT devices to log in and kill the system,” Cashdollar told ZDNet, which reports that Silex first affected 350 devices and then quickly spread to over 1,500 more.

The smart home device Achilles heel: Using default passwords

The prevalence of Internet of Things devices that ship with default passwords is nothing new. Research by Positive Technologies from 2017 showed that default passwords to 15 out of 100 IoT devices had never been changed. While not the majority, that’s certainly a large chunk of the 26 billion smart things devices out in the wild. The hacker is presumed to be inspired by the botnet BrickerBot, which plagued smart devices back in 2017. Both Silex and BrickerBot before it rely on default login credentials to gain control.

The danger associated with most of the devices around us having guessable passwords is obvious. So much so that, in 2018, California banned hardware from shipping with guessable logins like “password” and “123456.” The law also required that device makers force users to change a device’s built-in password upon setup.

How to prevent Silex from ruining your devices

The Silex malware relies on guessing your device’s user name and password. Since this malware is so new, it may be a while before your smart device issues a fix for the hack. So what can you do in the meantime?

“If users buy a device with standard, hard coded credentials, the best thing they can do is change the username and password for the device as quickly as possible,” says Tendermint’s director of security Jesse Irwin, a former staffer at the popular password management app 1Password.

The good news is that changing your device’s default admin password may help prevent an attack against the Silex malware. The bad news: all devices are not created equal. Changing the admin password on a DVR may be more difficult than changing it on a router, for example.

Irwin notes that when trying to figure out the default username and password on an Internet-connected device, there are a few places people should look. Manufacturers often print usernames and passwords stickers to put on devices, or they include the information in user guide or setup instructions.

“If a device’s credentials cannot be changed, there are deeper technical measures that can be taken,” says Irwin. “But if you are not able to take care of those things on your own, return it.” The great thing about the booming market for connected devices, is that there are almost always other, safer options for available, she adds.

More must-read stories from Fortune:

—The fall and rise of VR: The struggle to make virtual reality get real

—“It’s just lazy”: Current’s CEO on Facebook Calibra’s similar logo

—Slack went public without an IPO. Here’s how a direct offering works

—Welcome to the next generation of corporate phishing scams

—Listen to our new audio briefing, Fortune 500 Daily

Catch up with Data Sheet, Fortune‘s daily digest on the business of tech.