Routers With Weak Passwords Will Soon Be Illegal In California

Internet-connected devices like routers and smart-home gadgets are typically low-hanging fruit for hackers. 

That’s because most have simplistic security, like all being outfitted with the same password when leaving the factory, or having no password at all.

A new California law would make it illegal to manufacture or sell Internet-connected devices that aren’t equipped with a unique password, or a feature that forces the consumer to set a personal password when the device is first used. It will take effect on Jan. 1, 2020.

The range of devices that the law covers is incredibly broad: It’s any device that connects to the internet, directly or indirectly, and has an IP address or Bluetooth address.

The tactic that California is trying to employ could eventually lessen the severity of some of the most destructive cyberattacks. 

Unsecured routers and IoT devices are routinely accessed and controlled by hackers, who send millions of compromised devices to ping a certain server and overwhelm it. This is called a distributed denial of service, or DDoS attack, and has brought down services like Amazon, Twitter, and Netflix.  

In May, the US departments of Homeland Security and Commerce concluded that a US attempt to tackle those coordinating these networks of bots, called botnets, wouldn’t be enough to solve the problem, since the hardware being controlled and those controlling it come from all over the world. 

But for California, home to much of the US technology sector, this could be a first step to patching a common flaw in the technology.

Defense One:

You Might Also Read:

Millions Of WiFi Routers Are At Risk Of Hacking

« Build A Young Cyber Security Team
Algorithmic Warfare Is Coming. Humans Must Retain Control »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Combitech

Combitech

Combitech is the Nordic region’s leading cyber security consultancy firm, with about 260 certified security consultants helping companies and authorities prevent and manage cyber threats.

Total Defense

Total Defense

Total Defense solutions include anti-malware, anti-virus, intrusion prevention & mobile security.

InfoGuard

InfoGuard

InfoGuard is a leading Swiss company providing comprehensive cyber security and network solutions.

Approachable Certification

Approachable Certification

Approachable Certification is a UKAS accredited certification body offering down-to-earth and competitively priced audits against ISO Management Systems standards.

Healthcare Fraud Shield (HCFS)

Healthcare Fraud Shield (HCFS)

The focus of Healthcare Fraud Shield is solely on healthcare fraud prevention and payment integrity with a successful approach based on many unique advantages we deliver to our clients.

NodeSource

NodeSource

NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security.

Phakamo Tech

Phakamo Tech

Phakamo Tech offers a full set of governance, risk, compliance, cybersecurity and Microsoft Cloud services that include consulting, planning, implementation and cyber incident response.

Firmus

Firmus

As the leading penetration testing services provider in Malaysia, Firmus evaluates the ability of your internal or external information assets to withstand attacks.

Nuts Technologies

Nuts Technologies

Nuts Technologies are simplifying data privacy and encryption with our innovative and novel data containers we call nuts based on our Zero Trust Data framework.

Darktrace

Darktrace

Darktrace is a global leader in cybersecurity AI, delivering complete AI-powered solutions in its mission to free the world of cyber disruption.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

ZainTech

ZainTech

Zaintech is a regional digital & ICT solutions provider offering comprehensive digital solutions and services to enterprise and government customers in the MENA region.

Vernetzen

Vernetzen

Vernetzen is an industrial network and cybersecurity innovator focused on delivering practical solutions to connect and secure industry across the globe.

VAST Data

VAST Data

The VAST Data Platform delivers scalable performance, radically simple data management and enhanced productivity for the AI-powered world.

Custocy

Custocy

Custocy is a unique collaborative AI technology that identifies sophisticated and unknown (zero-day) attacks.

Greenway Solutions

Greenway Solutions

Greenway Solutions are trusted advisors relied upon by our clients to combat sophisticated adversaries in the fraud and security domain.