Default Password Flaw Exposes Dozens of Buildings: Hirsch Security System Vulnerability

Default Password Flaw Exposes Dozens of Buildings: Hirsch Security System Vulnerability

In an alarming revelation that underscores the persistent vulnerabilities inherent in internet-connected devices, a critical security flaw has been identified in Hirsch's Enterphone MESH door access control system. This flaw, stemming from the system's reliance on a default password, has exposed dozens of residential and office buildings across the United States and Canada to potential unauthorized access. The implications of this vulnerability are profound, potentially compromising the physical security of these buildings and the safety of their occupants. The crux of the issue lies in the fact that Hirsch, the current owner of the Enterphone MESH system, has acknowledged the default password but refuses to issue a patch or fix. Instead, the company maintains that the presence of the default password is by design and that customers are solely responsible for altering it during the initial setup. This stance has drawn sharp criticism from security researchers and industry exper…