Shocked!
Shocked that default passwords are being left in place on supposedly tightly-controlled hardware! And there's gambling in Rick's!
Sierra Wireless cellular modems are being infected by the Mirai botnet malware used to smash systems offline. Mirai commandeers web-connected cameras, sensors and other Internet of Things (IoT) devices using the default factory-set login passwords in their firmware. It has been fingered for unleashing the largest DDoS attack …
What's worrying about this is that the malware writers are now targeting gateways, and apparently having some success.
This vulnerability or feature of gateways and other systems in the "dark web" has been known for some years now - remember the Carna botnet/Internet Census 2012? because it is widely known that practically the only systems on the Internet running AV software are (Windows) PC's. Plus another nice thing about gateways is that they tend to be left running 24x7.
I suspect that Mirai is getting publicity because it is the first true piece of malware to be detected that exploits the vulnerability of these appliances.
It's not exactly new that network devices in the commercial arena have been targeted for years, so why are the manufacturers of consumer kit not putting a simple bit of code into the installation startup that forces the user to create a good password? It's bad enough they have a set administrator account, but a hard-coded password as well?
>why are the manufacturers of consumer kit not putting a simple bit of code
Because IT security isn't something those who buy the gadgets are interested in, so why bother? None of this is likely to impact sales.
We need to impact sales. Labelling can help here. Think food labels. Stickers / government certification might actually be the best way forward. Require them on all retail IoT gadgets, detailing the security stance of the product. This goes for home-grade ADSL routers etc too. Better to allow configuration by telnet from the inside, than allow upnp or have default access from the outside. No retailer wants big red warning stickers on their boxes.