California lawmakers have taken the lead in trying to address privacy and security issues with Internet of Things (IoT) devices (which we have been writing about for years), by passing the country’s first IoT security bill, which is now headed to Governor Brown’s desk for signature by September 30.
One of the issues addressed by the bill is the fact that IoT devices, such as routers, home security systems, televisions, refrigerators, and other home appliances come to your home with a default password. Many people do not take the time to change the password and therefore, the password stays on the default one. The California bill statutorily requires IoT manufacturers to enable stronger passwords on IoT devices so they are not as easily hacked.
A botnet called Owari is specifically designed for, and able to easily crack default or weak passwords of IoT devices. A default password is not designed to continue to be used by the consumer. Manufacturers of IoT devices assume that consumers will change the passwords on their IoT devices to a unique password for the customer. By using the default password provided by the manufacturer, consumers are putting themselves at risk of intrusions into their IoT devices and the data on those devices being stolen or used.
When purchasing an IoT device, follow the manufacturer’s instructions on how to enable your own password on the device, and as in all cases of anything connected to the Internet, the password should be complex to deter intrusions and theft of data.