You are reading a single comment by @JWestland and its replies.
  • Just was wondering if dealing with it at the ISP router end may work. Instead of just accepting any IoT traffic it blocks it if there is a default password etc.

    Some of the traffic is encrypted (that which is SSH), and so the ISP does not see the password.

    Also, whilst we know which IPs are compromised and have a device behind that is part of the botnet, there is nothing about the traffic of the botnet that signifies that it is from a compromised IoT device.

    Plain and simple port blocking is the way forward, as it will force anyone running devices to have gone to their device config and to change the configuration to use a different port... that is enough to obfuscate the endpoint, but ideally they'd change the default username and/or password whilst there.

  • Ah yeah, I see what you mean... the routers can then be hacked or botnetted and we are no further.

    With the password, I mean a scan from the router to devices on the customer network. If the IoT device accepts a default password, block it.

    That won't fix the issue that a router can be botnetted, though.

    A lot of users are lazy, they won't try to break the router or fiddle with it if it's a big hassle. But yeah port blocking sounds a LOT easier and more secure.

    So, eh, why are ISPs not doing it yet...? :)

  • I mean a scan from the router to devices on the customer network. If the IoT device accepts a default password, block it.

    This is illegal.

    You cannot attempt to access a computer you do not have the right to access, and the act of trying a password is to do that.

    Either you prevent the spread of malware to avoid becoming part of a botnet (by blocking inbound traffic to certain ports) or you prevent a machine from doing anything to another once part of a botnet (by blocking outbound traffic to anything that isn't configured to be open by an end user).

    That's it. No other legal or practical solution exists.

    The ISP is the only one who could do either of the above, but unfortunately they have no incentive to do either right now (legal, economic, etc).
