
Default Passwords

LinkedIn Post 2: Default Passwords


admin/admin


That's the default password on your building's HVAC controller. Set in 2010. Never changed. Can't be changed—the device doesn't support credential rotation.


It's still there. Still accessible. Still an attack vector.


Under PSTI, IoT devices must have user-changeable default passwords. This device violates that requirement. And your FM company, as the distributor, is liable.


You have options:

  • Push the vendor to release a firmware update that allows credential changes

  • Isolate the device on a separate network segment

  • Plan its replacement with a compliant alternative


But "leave it alone" isn't an option anymore.


 
 
 
