Latest in Gear

Image credit: Westend61 via Getty Images

California's new laws bolster security for connected devices

Companies aren't completely happy, however.
311 Shares
Share
Tweet
Share
Save

Sponsored Links

Westend61 via Getty Images

California just raised the baseline for security in the Internet of Things... to a degree. Governor Jerry Brown has signed very similar Assembly and Senate bills that require hardware makers to include "reasonable" security measures for connected devices. All gadgets will require at least some kind of protection against unauthorized data access. If they connect to the internet, they'll require either a preset password "unique to each device manufactured" or else the ability to generate a new authentication method (such as a custom password) on initial setup. You shouldn't see hackers compromise legions of security cameras or routers simply because they're using the same default password.

The two laws take effect on January 1st, 2020, so there's time for tech firms to build the features into their products.

Some industry groups are anxious about the laws. The California Manufacturers and Technology Association (which includes companies like AT&T, Intel and Honeywell) told Government Technology in a statement that the state was "imposing undefined rules" and had allegedly created a "loophole" that let imported devices avoid the rules. The Entertainment Software Association, meanwhile, claimed that existing laws already covered reasonable privacy protection.

However, that's not how the politicians see it. Senator Hannah-Beth Jackson, who introduced one of the bills, noted that foreign companies will still have to meet the standards regardless of where they make their devices. This is also about leaving companies to use "best judgment" for security on their own devices, she said.

You probably won't see devices with airtight security as a result of this. There's no mandates for encryption, for example. However, that's not really the goal here. This is more about preventing rookie mistakes, such as connected toys that transmit data with few if any safeguards. Cyberattackers may still get through -- they'll just have fewer obvious targets.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
311 Shares
Share
Tweet
Share
Save

Popular on Engadget

Relive Yamaha's synth history without leaving the couch

Relive Yamaha's synth history without leaving the couch

View
Tilt Five wants to bring augmented reality to tabletop games

Tilt Five wants to bring augmented reality to tabletop games

View
What's on TV this week: 'The Good Place'

What's on TV this week: 'The Good Place'

View
Facebook acquires neural monitoring startup CTRL-labs

Facebook acquires neural monitoring startup CTRL-labs

View
Samsung brings Note 10's AR and camera features to the Galaxy S10

Samsung brings Note 10's AR and camera features to the Galaxy S10

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr