Latest in Gear

Image credit: Getty Images

California may ban terrible default passwords on connected devices

A proposed law could force smart device manufacturers to shore up security.
368 Shares
Share
Tweet
Share
Save

Sponsored Links

Getty Images

California looks set to enact a law that aims to protect connected devices against hackers. The state senate has sent Governor Jerry Brown draft legislation that could beef up security across the vast ocean of smart gadgets.

If a device requires you to sign in, manufacturers will either have to use unique preprogrammed passwords -- see ya never, username: admin/password: admin -- or make you change the credentials the first time you use it. Companies will also have to "equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device."

If Brown signs the bill into law, it will take effect at the beginning of 2020. But critics claim the wording is vague and doesn't go far enough in ensuring manufacturers don't include unsecured features.

"It's like dieting, where people insist you should eat more kale, which does little to address the problem you are pigging out on potato chips," Robert Graham of Errata Security said in a blog post. "The key to dieting is not eating more but eating less." Given the huge number of connected devices available, it's also not clear how the state plans to enforce and regulate the rules.

Still, it's a step towards protecting consumers from the litany of attacks, exploits, and security flaws on connected devices that threaten consumers every day. Including fuzzy wording in the draft language may actually be a positive, as technology companies (and hackers) typically move faster than lawmakers can legislate, so more concrete security measures that the bill could have laid out may soon seem antiquated anyway.

It's possible that, should the law come into effect, manufacturers will adopt the same security measures for their products in other states that they will in California. A number of draft bills related to connected device security are languishing in Congress committee purgatory, so the California law could prompt movement on legislation at the federal level too.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
368 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
Porsche Taycan will come with a standalone Apple Music app

Porsche Taycan will come with a standalone Apple Music app

View
'Final Fantasy VIII' Remastered is coming out on September 3rd

'Final Fantasy VIII' Remastered is coming out on September 3rd

View
Bloomberg: Apple plans to launch TV+ in November for $10 a month

Bloomberg: Apple plans to launch TV+ in November for $10 a month

View
Amazon unveils trailer for third season of ‘The Marvelous Mrs. Maisel’

Amazon unveils trailer for third season of ‘The Marvelous Mrs. Maisel’

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr