California bans weak passwords

A new California law will make it illegal for manufacturers to supply hardware and software systems with default weak passwords.

Is it really such a big issue? Well, the US Government Accounting Office has discovered that weapons systems can be hacked with simple default “admin: admin” type password combinations in as little as nine seconds.

In a report titled “WEAPON SYSTEMS CYBERSECURITY – Just Beginning to Grapple with Scale of Vulnerabilities” the auditors said, “Multiple weapon systems used commercial or open source software, but did not change the default password when the software was installed, which allowed test teams to look up the password on the Internet and gain administrator privileges for that software. Multiple test teams reported using free, publicly available information or software downloaded from the Internet to avoid or defeat weapon system security controls.”

Read more: FastCompany / GAO

Image: TheDigitalWay / CC0

This story is taken from the 12 October 2018 edition of The Warren Centre’s Prototype newsletter.