Default Password Leaves Dozens of Apartment Buildings Vulnerable to Unauthorized Access

A major security flaw has been uncovered in the Enterphone MESH door access system, manufactured by Hirsch, which could allow unauthorized remote access to door locks and elevator controls in buildings across the United States and Canada. Security researcher Eric Daigle discovered the vulnerability, revealing that it stems from the use of a default password that remains unchanged by many customers. Rated as a 10 out of 10 on the vulnerability severity scale, this flaw highlights critical security oversights in technology systems.

The Vulnerability and Its Impact

The flaw comes down to the default password itself, which is publicly available in the installation guide on Hirsch’s website. Entering this password into the internet-facing login page of any affected building’s system grants unauthorized access. Daigle’s investigation, using the internet scanning site ZoomEye, identified 71 systems that still operate with the default-shipped credentials. Because each system displays the physical address, anyone who logs in can determine which building they have accessed.

Daigle emphasized the ease of exploiting this vulnerability, stating that one could effectively break into any of the dozens of affected buildings within minutes without drawing attention. Despite the severity of the issue, Hirsch has not committed to publicly disclosing details about the bug. However, they have reached out to their customers, advising them to follow the product’s instruction manual to change the default password. Notably, when installing the system, customers are neither prompted nor required to alter the default password.

This incident underscores how product development decisions from previous years can lead to significant real-world consequences over time. The continued use of insecure default passwords poses substantial security risks, prompting governments to encourage technology manufacturers to eliminate such practices.

What The Author Thinks

The vulnerability in the Enterphone MESH system highlights the ongoing risk of relying on default passwords for critical security systems. It is an example of how a simple oversight can lead to massive consequences for users, especially in a time when cybersecurity is paramount. Manufacturers like Hirsch must take responsibility for ensuring that systems are secure out of the box, with proper safeguards in place to protect users. The lack of prompt actions to address such vulnerabilities not only jeopardizes the safety of buildings and their occupants but also raises concerns about the broader implications for the security industry.
