Routers With Weak Passwords Will Soon Be Illegal In California

Uploaded on 2018-10-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Internet-connected devices like routers and smart-home gadgets are typically low-hanging fruit for hackers. 

That’s because most have simplistic security, like all being outfitted with the same password when leaving the factory, or having no password at all.

A new California law would make it illegal to manufacture or sell Internet-connected devices that aren’t equipped with a unique password, or a feature that forces the consumer to set a personal password when the device is first used. It will take effect on Jan. 1, 2020.

The range of devices that the law covers is incredibly broad: It’s any device that connects to the internet, directly or indirectly, and has an IP address or Bluetooth address.

The tactic that California is trying to employ could eventually lessen the severity of some of the most destructive cyberattacks. 

Unsecured routers and IoT devices are routinely accessed and controlled by hackers, who send millions of compromised devices to ping a certain server and overwhelm it. This is called a distributed denial of service, or DDoS attack, and has brought down services like Amazon, Twitter, and Netflix.  

In May, the US departments of Homeland Security and Commerce concluded that a US attempt to tackle those coordinating these networks of bots, called botnets, wouldn’t be enough to solve the problem, since the hardware being controlled and those controlling it come from all over the world. 

But for California, home to much of the US technology sector, this could be a first step to patching a common flaw in the technology.

Defense One:

You Might Also Read:

Millions Of WiFi Routers Are At Risk Of Hacking

« Build A Young Cyber Security Team
Algorithmic Warfare Is Coming. Humans Must Retain Control »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CDW

CDW

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada.

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

Resolver

Resolver

Resolver’s Integrated Risk Management platform helps plan and prepare your organization to limit the likeliness or impact of security risk and compliance events from occurring.

AppTec

AppTec

AppTec is a leading software vendor in the field of Unified Endpoint Management and Mobile Security.

Verafin

Verafin

Verafin is one of the North American leaders in fraud detection and AML software.

CybeReady

CybeReady

CybeReady’s Autonomous Platform offers continuous adaptive training to all employees and guarantees significant reduction in organizational risk of phishing attacks.

The ATOM Group

The ATOM Group

ATOM builds and secures technology for regulated industries. We design and build for a future we can all trust.

InfusionPoints

InfusionPoints

InfusionPoints is your independent trusted partner dedicated to assisting you in building your secure and compliant business solutions.

Polygraph

Polygraph

Polygraph monitors the activities of click fraud gangs, including how they operate, who they target, the techniques they use, and how to detect their fraud.

PCI Security Standards Council (PCI SSC)

PCI Security Standards Council (PCI SSC)

The PCI Security Standards Council is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments.

Globesecure Technologies

Globesecure Technologies

Globesecure Technologies is a networks and cyber security company. We are here to resolve business security challenges and secure the digital transformation journey of our clients.

Secure Blink

Secure Blink

Secure Blink provides automated application and API security solutions that empower developers and security engineers to protect critical assets from exploitation.

Winslow Technology Group (WTG)

Winslow Technology Group (WTG)

Winslow Technology Group is a leading provider of IT Solutions, Managed Services, and Cybersecurity Services dedicated to providing exceptional business outcomes for our customers since 2003.

Benchmark Executive Search

Benchmark Executive Search

Benchmark specializes in finding elite talent for startup, emerging-growth and mid-cap companies offering game-changing technologies or innovative services to the federal and commercial markets.

NOYB

NOYB

NOYB is a non-profit organization aiming to close the gap between privacy laws and the reality of corporate practice.