Exam SY0-601 topic 1 question 257 discussion

The quality of this question is really bad.

Most of the IoT devices have the same password given by the manufacturer. In my opinion B (Weak credentials) is the most common point of attack.

Backdoor seems unlikely for different devices. Lack of encryption, I don't know what is has to do with cameras? You don't communicate with them. Outdated software and weak credentials are equal here, but looking for weak password is usually easier than trying to crack a software.

The most likely reason for hackers selling access to IoT camera feeds is weak credentials. Weak or default passwords are a common security issue with IoT devices, including cameras. Many users fail to change the default passwords provided by the manufacturer or set weak passwords, making it easy for hackers to gain unauthorized access to the devices. Once the hackers have access to these cameras, they can view and potentially record the camera feeds, violating users' privacy and potentially using the feeds for malicious purposes. To prevent such incidents, it is crucial for users to change default passwords to strong, unique passwords and enable additional security measures like two-factor authentication whenever possible.

All of the above are correct , not sure which one is more likely

every options in this question are acceptable, but I will Choose B, IOT usually use default account & password,which is weak credential.

I think from the fact that they said "access" then it must be due to weak credentials.

B. Weak credentials is the most likely reason for this issue. Hackers are able to abuse weak credentials, such as default passwords or easily guessed passwords, to gain access to a vulnerable IoT camera system. Once the hackers have access to the camera feed, they can sell it on the dark web for malicious purposes.

Weak defaults are a condition where default conditions are generally known, including admin account and password, leaving the system completely vulnerable to an attacker.

I go for B. IoT are not only cheap china/taiwan products with no support/updates, but also high quality devices e.g. by Axis or Mobobix, who update their firmware/software to close backdoors/vulnerabilities, if found.

https://www.eurofins-cybersecurity.com/news/security-problems-iot-devices/ default password

A Outdated software implies someone exploited a vulnerability to gain access vs B People used Weak credentials such as default passwords, that seems more likely to me.

Outdated software since software updates by vendors are very limited in IoT devices

A. Outdated software