Using a Weak Wi-Fi Password Leads to Arrest

As reported in BBC News today, in January 2021, a couple was arrested for posting images of child abuse online. The couple has denied any involvement with the images and posting.

After five months of investigation and “utter hell”, the case has been dropped.

Although it cannot be proven, it appears that because the couple never changed the Wi-Fi and router default passwords, the actual criminals were able to gain control over their home router, allowing the criminals to post the images while making it appear to have been done by the router owners.

This is in no way a unique or isolated case. 

A few years back I was living in an apartment. I noticed one of the many Wi-Fi SSID’s in the complex was without a password. After logging into the network, I found only two devices – a Windows PC and a printer. The PC was without a password as well!

Using my laptop while walking around the complex to measure Wi-Fi signal strength, I was able to find the apartment hosting the passwordless router. I introduced myself to the couple, that I was a cybersecurity professional, and happened to notice that their Wi-Fi had no password, which put their data and communications in a highly vulnerable position.

The husband became absurdly irate, ranting that he was the IT Security Manager for the Rio Rancho Police Department, and if anyone knows how to “do this”, he does.

Having done my due diligence, I apologized for disturbing them, and returned to my apartment.

Back at my computer, I logged into their network for a last time, and left a note on his PC desktop, reminding him that his, his wife’s, and the RRPD data were at risk.

Within an hour the network was secured.

A quick internet search will find you the default passwords for almost any type of device with internet connectivity. The majority of users never change their default passwords. Doing so is the equivalent of sending smoke signals with everything done on the network.

How about putting it on the calendar that next Monday, all default usernames and passwords are changed for:

  • Routers
  • Modems
  • Wi-Fi Base Stations
  • Smart Thermostats
  • Smart Security Systems
  • Smart Doorbells
  • Smart Keylocks
  • Even items like your smart refrigerator

When resetting passwords, remember to give a unique password to every device, site, and service, and passwords should be a minimum of 15 characters. To make remembering all of these passwords easy to recall, install Bitwarden on all of your computers, mobile phones, and tablets.