philip lelyveld The world of entertainment technology

17Sep/18Off

First IoT security bill reaches governor’s desk in California

California IoT security bill criticized by security researcher. Expert says bill "is based upon an obviously superficial understanding of the problem."

The bill's main provision is that "a manufacturer of a connected device shall equip the device with a reasonable security feature or features."

According to the bill's approved text, "if a connected device is equipped with a means for authentication outside a local area network," the authentication system must meet one of two criteria.

  1. If the device uses a default password, the password must be unique to each device; or,
  2. The device must prompt users to set up their own password whenever the user sets up the device for the first time --criteria put in place to avoid manufacturers shipping devices with the same default credentials.

As security researcher and infosec pundit Robert Graham points out, this new IoT security law, despite its good intentions, isn't particularly useful in the current state of the IoT market, and will not fix any of the problems that plague IoT devices.

See the full story here: https://www.zdnet.com/article/first-iot-security-bill-reaches-governors-desk-in-california/

Comments (0) Trackbacks (0)

Sorry, the comment form is closed at this time.

Trackbacks are disabled.