Routers With Weak Passwords Will Soon Be Illegal In California

Uploaded on 2018-10-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Internet-connected devices like routers and smart-home gadgets are typically low-hanging fruit for hackers. 

That’s because most have simplistic security, like all being outfitted with the same password when leaving the factory, or having no password at all.

A new California law would make it illegal to manufacture or sell Internet-connected devices that aren’t equipped with a unique password, or a feature that forces the consumer to set a personal password when the device is first used. It will take effect on Jan. 1, 2020.

The range of devices that the law covers is incredibly broad: It’s any device that connects to the internet, directly or indirectly, and has an IP address or Bluetooth address.

The tactic that California is trying to employ could eventually lessen the severity of some of the most destructive cyberattacks. 

Unsecured routers and IoT devices are routinely accessed and controlled by hackers, who send millions of compromised devices to ping a certain server and overwhelm it. This is called a distributed denial of service, or DDoS attack, and has brought down services like Amazon, Twitter, and Netflix.  

In May, the US departments of Homeland Security and Commerce concluded that a US attempt to tackle those coordinating these networks of bots, called botnets, wouldn’t be enough to solve the problem, since the hardware being controlled and those controlling it come from all over the world. 

But for California, home to much of the US technology sector, this could be a first step to patching a common flaw in the technology.

Defense One:

You Might Also Read:

Millions Of WiFi Routers Are At Risk Of Hacking

« Build A Young Cyber Security Team
Algorithmic Warfare Is Coming. Humans Must Retain Control »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

APWG

APWG

APWG is the international coalition unifying the global response to cybercrime across industry, government, law-enforcement and NGO communities.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

DG Technology

DG Technology

DG Technology is a customer-centric technology expert and business consultant that delivers services and products to minimize your information security, compliance, and business risks.

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

Mnemonica

Mnemonica

Mnemonica specializes in providing data protection system, information security compliance solutions, cloud and managed services.

CERT-PH

CERT-PH

CERT-PH is the National Computer Emergency Response Team and the highest body for cybersecurity related activities in the Philippines.

Westminster Insight - Cyber Security Conference

Westminster Insight - Cyber Security Conference

Join colleagues this December for Westminster Insight’s Cyber Security Conference, as you’ll assess how new technologies such as AI can secure your organisation against future threats.

AttackIQ

AttackIQ

AttackIQ delivers continuous validation of your enterprise security program so you can strengthen your security posture and your response capabilities.

Solvere One

Solvere One

Solvere One is a managed service provider (MSP) focused on corporate consulting and partnership.

StrataCore

StrataCore

StrataCore is a single-source technology lifecycle advocate that works behind IT teams as a strategic partner to help them achieve peak enterprise outcomes.

Quantum Star Technologies

Quantum Star Technologies

Quantum Star Technologies has developed Starpoint to be a next-next-generation solution to cyber security threats. Our mission is to secure the online world through our patented technology.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

ZINAD IT

ZINAD IT

ZINAD is an information security company offering state-of-the-art cybersecurity awareness products, solutions and services.

Edgio

Edgio

Edgio provides unmatched speed, security, and simplicity at the edge through globally-scaled media and applications platforms.

Carahsoft Technology Corp

Carahsoft Technology Corp

Carahsoft Technology is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets.

GoCloud Systems

GoCloud Systems

GoCloud is an IT consulting firm. We provide IT strategy and cloud adoption services to the New Zealand Government, Non-Profit Organisations and private industry.