US lawmakers attempt to tackle IoT security flaws
05 October 2018 - 11:10 by Mike Price
In recent years the Internet of Things (IoT) has become a much-discussed concept, with more and more gadgets in the average consumer’s home now relying on an internet connection to provide cutting-edge, connected features.
Much of the debate about this issue has focused on the security flaws inherent in many IoT devices, which have allowed hackers to create vast botnets that can then be used to take down websites, steal data and much more besides.
The Register reports that new legislation being introduced across the pond in California will require any company producing web-enabled hardware to create a completely unique password to protect it, starting in 2020.
Generic passwords are not only a problem for people looking to carry out safe shopping online; they also give cybercriminals a back door into devices whose default password has not been changed after purchase.
The law seeks to address this problem, placing the burden of tightening security on the manufacturers rather than their customers.
While this is undoubtedly a sensible step, it is also potentially problematic in its own right, as it fails to reinforce the importance of choosing secure passwords amongst consumers.
A lot of the vulnerabilities associated with web use stem from the weak passwords that people tend to pick unless they are prompted to adhere to stricter rules at the point of account creation.
Many sites which attempt to offer safe shopping online are hampered by the fact that they do not enforce tighter controls over which types of passwords are acceptable. Perhaps it would be better for retailers to follow the example set in the IoT industry and roll out unique passwords to customers automatically, rather than relying on them to take charge of ensuring that their accounts are secure.