A new law will soon be passed that will make internet-connected devices shipped from the company illegal, if they have bad default passwords. The California law will implement this new rule from 2020 onwards.
The new law has listed a number of requirements that are aimed to ensure that all future interent-connected devices that are shipped from the manufacturer have a unique password and not the default passwords such as “admin,” “password,” or “123456.” The law was passed by the state legislature in August and signed by the Governor Jerry Brown, reported Motherboard.
The report further adds: “The lack of basic security features on internet connected devices undermines the privacy and security of California’s consumers, and allows hackers to turn everyday consumer electronics against us,” state senator Hannah-Beth Jackson, who authored the bill, said in a press release.
The new bill will ensure that the technology that serves the people of California should not be an afterthought but rather a key component of the device’s design process.
With the increase in use of IoT devices, millions of homes are now being connected to the internet. These include basic CCTV cameras to baby monitors and microwave ovens too. Once connected to the internet, the devices can be vulnerable to hackers. With internet-connected devices today having least security, bad passwords, or no security at all, will give rise to hacking easily. While hackers may not be interested in snooping into any one home in particular, incidences online have been reported where hackers have leveraged millions of insecure IoT devices in 2016 alone to create a large botnet.
While most devices available today, be it the humble router, or the high-profile internet CCTV, are shipped out with default passwords that are common, probably easy to guess, and some even without passwords at all, users are now as tech savvy to reconfigure them with a tougher password. This leaves IoT devices vulnerable on the open internet, allowing a hacker to issue an attack with a simple search query. The new law will force manufacturers to introduce or implement unique passwords for all devices shipped out from their factory. So even if the user does not know how to change the password, at least guessing the default unique password will be more difficult for the hacker.