Imagine using a baby monitor to keep an eye on your child while you're in another room. Now imagine a complete stranger doing the exact same thing. How about a hacker taking control of your car? While greater connectivity lets us enjoy more conveniences in our everyday lives, it also makes it easier for ne’er-do-wells to pose a danger to us and our loved ones.
To protect the privacy and well-being of its citizens, California passed two bills into law, namely Assembly Bill 1906 and Senate Bill 327. Beginning January 1, 2020, manufacturers of devices that connect to the internet would be required to equip such devices with reasonable security features that would stop unauthorized access, data or program modification, or disclosure of information. According to the law, security can come in the form of a unique password per device, or an authentication process wherein the user must create their own login credentials before access is granted to their device for the first time.
Both security features are meant to prevent manufacturers from implementing default usernames and passwords on the devices they make, a security flaw that allowed hackers to take over more than 100,000 devices with the Mirai malware back in late 2016. In a plan to extort businesses for their security and server services, they used these enslaved machines or “bots” to overload a domain name system (DNS) service provider with traffic requests, thereby forcing the many websites that rely upon it to go offline.
The Mirai attack succeeded because manufacturers don’t require users to change the default credentials. This obviously leaves devices open to unauthorized access and control — something that the new California Internet of Things (IoT) law hopes to prevent. While the Mirai incident is an extreme example of compromised security, you would do well to consider how unchanged default credentials can leave your family and your business vulnerable to cyberattacks.
IoT devices can be used to collect information about you
Default credentials make it easier for hackers to use internet protocol cameras and microphones to observe and make recordings of you without your permission. Smart machines such as home assistants collect staggering amounts of personal information that hackers (and nosy governments) love to mine. Also, these let thieves turn security cameras into their eyes and prevent alarm systems from alerting the police.
IoT devices can be overtaken and used against you
Our growing reliance on connected devices means a broadening vulnerability to malcontents and saboteurs. Instead of increasing efficiency via automation, factory robots on systems that use easy-to-guess usernames and passwords can be easily hacked to alter or halt production. Additionally, self-driving technology — an innovation that promises to reduce if not eliminate road accidents due to human error — might allow hackers remote control of vehicles and turn them into weapons if security measures are not as tight as they are now.
Implementing unique access credentials for devices sold in California makes it harder for ill-intentioned people to target its residents, though that’s just one step towards better cybersecurity. Despite being limited to one state, California’s IoT law is a good first for America. It serves as a model for the rest of the nation to follow, and device makers will spread the security benefits to the markets they serve outside the Golden State. While it’s good that legislation is trying to catch up with technology, cybersecurity threats can grow ever more sophisticated, taking advantage of vulnerabilities beyond generic access credentials. Your business needs network security that is updated way faster than the law.
Firms across San Jose and the San Francisco Bay Area rely on USWired for network security, IT support, and other vital managed IT services to compete and achieve growth in their chosen arenas. Contact us today to learn how we can help you with all of your IT needs.