Jerry Brown, the current governor of the Golden State, recently signed a law that prevents vendors from selling internet-connected products with preprogrammed passwords to consumers. Such passwords are easy to crack or guess, potentially leaving the user defenseless against malicious hackers
When the law takes effect in 2020, every Internet of Things (IoT) device created or sold in California (including cars, thermostats, baby monitors, and even refrigerators) has to come with a unique password or an internal feature that will request the user to set their own login credentials. Essentially, smart homes and smart cities will be mandated to have built-in authentication features.
This regulation makes California the first state in the nation to implement cybersecurity standards for the growing popularity of IoT. It’s also a step toward guarding against cyber threats such as ransomware and distributed denial-of-service (DDoS) attacks. In 2017, Mirai, Persirai, and Reaper botnet attacks hijacked vulnerable machines to cripple several networks and wreak significant downtime.
Are weak passwords the only digital threat here?
Taking away default login credentials will only provide a basic shield against plenty of cyberthreats. California is the only state taking action here, so other manufacturers, lawmakers, and managed IT services providers (MSPs) have to work on the challenges of beefing up the security of IoT devices.
IoT machines are often easy prey for cyber criminals because of poor password security. A lot of these devices have weak login credentials like “1234” or “admin” out of the box. Users normally don’t bother changing the device’s fixed password even with the option to do so, so hackers can easily crack them via brute force attacks and break into the network or turn connected machines into disruptive botnets.
The Mirai attack is the perfect example of this, as the malware took control of computers, webcams, and other gadgets that were connected to Oracle’s Dyn (a networking firm) and flooded it with fake traffic. Because of this, websites like Netflix, PayPal, and Twitter were offline for hours.
The implications of California’s new IoT policy
While California’s simple measure means well, it will result in additional costs for manufacturers. This in turn can lead to resistance from various industries as the private industry is known to be averse to lawmakers imposing regulations and licenses for necessary protection.
Reputable IT service providers like Zeta Sky understand the complexity of the ever-evolving threat landscape. A common method that cybercriminals use to break into a system is through exploiting any bugs in their software, and if you’re not prepared you can be a ripe target.
California’s new IoT policy doesn’t mandate manufacturers to patch these vulnerabilities, nor does it require them to update their security by themselves. The IoT law only requires manufacturers to put unique security features in their products without determining the said features.
Have an IT consultant boost your network security
A reputable MSP can provide many benefits for your business, including protecting your network and its devices from all forms of malware and hackers. Don’t wait until your company encounters a major crisis before hiring an MSP.
Zeta Sky offers cloud desktop solutions for the areas of Rancho Cucamonga, Ontario, and Riverside. We go above and beyond to make sure your IT infrastructure is optimized and working efficiently. Get in touch with us today for a complimentary consultation.
