California will be the first state where since January 1, 2020, manufacturers of devices that connect to the Internet will be required to install a unique password on them or to build a password generation system in them. The corresponding law was signed by the Governor of the State, Jerry Brown, writes N + 1, citing The Verge.
This is the first such legislative initiative in the field of cybersecurity, which should prevent hackers from gaining access to “smart” devices. In recent years, the Internet market for things has been growing rapidly, refrigerators, microwave ovens, smart speakers, thermostats, video surveillance cameras and even light bulbs have been connected to the Internet.
In almost all cases, such devices use the standard login / password for the first login, which users often do not change. This leads to the fact that attackers can easily take control of the device in their own hands, and here are possible a variety of scenarios – from the nightly intimidation of the child through the “baby monitor” and penetration into the house before creating a huge botnet from video cameras for DDoS attacks.
The bill was evaluated by experts, calling it a good step in the field of cybersecurity. The expert on cyber security Robert Graham was one of the most harsh critics. He argues that it is not enough to add “good” functions and not destroy bad ones. He highly appreciated the requirements for the password, but said that the bill does not cover the whole range of authentication systems that can leave “holes” in safety.
Picture Credit: TheDigitalWay