California, home to many start-ups and technology companies, such as Apple and Facebook, has passed a legislation that requires higher security standards for internet-connected devices. The Information Privacy: Connected Devices Bill makes it illegal for electronics firms to use default passwords such as “01234” and “admin” in their products from 2020.
This means each device needs to have its own unique password, enhancing overall security and reducing chances of cyber attacks. The new legislation also allows customers to sue for damages if they suffer harm from the default passwords. Devices that fall under this legislation includes any device that connects to the internet, has an IP address or Bluetooth address, such as routers.
This news may not come off as important, however this may be the very first line of defence against cyber attacks. Did you know that most people are not bothered to change the default passwords on their devices? According to a survey, some 82% of respondents never changed their administrator password.
For example, very small aperture terminals (VSAT) commonly used in ships and yachts often come with default passwords that are often not changed. With an open ship tracking map, Shodan – an attacker will be able to locate the ship, gain administrator access and potentially take over the GPS system of the ship. Also on the topic of default passwords, let’s look at the Mirai IoT botnet that stirred the internet a few years ago. Mirai lurked on unassuming devices with default passwords such as webcams and surveillance cameras.
This is the first law of its kind in the world. Will we see other countries follow suit, especially in regulating financial institutions? One thing’s for sure now. Manufacturers will now need to come up with more creative passwords.
Written by: Liwen