California law bans selling routers with weak passwords – Quartz



[ad_1]

Internet-connected devices, such as routers and gadgets for the smart home, are generally easy solutions for hackers. This is because most have simplistic security, such as having the same password when they leave the factory or not having one at all.

A new California law would prohibit the manufacture or sale of Internet-connected devices that do not have a unique password, or a feature that requires the consumer to set a personal password when using the device for the first time. peripheral. It will come into effect on January 1, 2020.

The range of devices covered by the law is incredibly broad: it is any device that connects to the Internet, directly or indirectly, and has an IP address or a Bluetooth address.

The tactics employed by California could eventually reduce the severity of some of the most destructive cyberattacks. Rogue routers and IoT devices are regularly monitored and controlled by hackers, who send millions of compromised devices to ping a given server and overwhelm it. This is known as a distributed denial of service, or DDoS attack, which has resulted in the removal of services such as Amazon, Twitter and Netflix.

In May, the US departments of Homeland Security and Commerce concluded that an American attempt to attack those who coordinated these botnets, botnets, would not solve the problem because the controlled hardware and those who control it come from all around the world. But for California, which is home to much of the US tech sector, this could be a first step in correcting a common loophole in technology.

[ad_2]
Source link