Tag: firmware

  • This new California law means changes to your devices’ default passwords

    California is used to being ahead of the game when it comes to technology. It comes as no surprise with our state being home to the mecca of technology, Silicon Valley. So of course, in an effort to regulate the Internet of Things (IoT) more seriously, California was the first state to introduce a law doing so.

    Senate Bill 327 (SB-327) is the first law directed at the IoT, and most of its measures are aimed at improving the security of our devices. Cybercrime is a billion-dollar industry, so it makes sense to enact stricter regulations to protect consumers from having their devices hijacked and their networks held ransom.

    Some of its most stringent requirements are aimed at password security. While it’s not mandating passwords at an OS or software level (these are often set by the user), it does require changes to default passwords at the firmware level.

    Starting January 2020, passwords on a firmware level must be randomized. The bill states:

    1798.91.04.b Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met:

    1. The preprogrammed password is unique to each device manufactured.
    2. The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.

    This means that if you purchase a router, it can no longer ship with the username admin / password admin or a similar login convention. Routers and other connected devices (defined by the bill as “any device, or other physical object that is capable of connecting to the internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address”) must have a randomized password and login name.
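
    As an added illustration (not part of the original post or the bill), the sketch below checks a device provisioning manifest against the two options quoted above and generates a random per-device password. The manifest keys, serial numbers and the short list of common defaults are constructed assumptions for the example.

```python
import secrets
from collections import Counter

# Constructed sample of widely shared defaults; not an exhaustive list.
KNOWN_DEFAULTS = {"admin", "password", "1234", "root", "default"}
# Alphabet without look-alike characters (0/O, 1/l/I) for printed labels.
ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def new_device_password(length=16):
    """Option 1: a password unique to each device, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def audit_manifest(devices):
    """Return {serial: [findings]} for devices that meet neither option.

    Hypothetical keys per device: serial, remote_auth (bool),
    default_password (str or None), force_setup_first_use (bool).
    """
    counts = Counter(d["default_password"] for d in devices
                     if d.get("default_password"))
    findings = {}
    for d in devices:
        if not d["remote_auth"]:
            continue  # the quoted text covers authentication outside the LAN
        if d.get("force_setup_first_use"):
            continue  # option 2: user must set credentials before first access
        pw = d.get("default_password")
        problems = []
        if not pw:
            problems.append("no password and no first-use setup")
        else:
            if pw.lower() in KNOWN_DEFAULTS:
                problems.append("well-known default password")
            if counts[pw] > 1:
                problems.append(f"password shared by {counts[pw]} devices")
        if problems:
            findings[d["serial"]] = problems
    return findings

def _dev(serial, remote, pw, force):
    return {"serial": serial, "remote_auth": remote,
            "default_password": pw, "force_setup_first_use": force}

# Constructed manifest: two routers with a shared default, one with a
# random password, a camera that forces setup, a LAN-only switch.
SAMPLE = [
    _dev("RT-0001", True, "admin", False),
    _dev("RT-0002", True, "admin", False),
    _dev("RT-0003", True, new_device_password(), False),
    _dev("CAM-0004", True, "admin", True),
    _dev("SW-0005", False, "1234", False),
]
```
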

    This may mean an extra bit of setup on the user’s part when purchasing a new device, and don’t toss that installation guide!

    This gets even more complex when you think of devices such as servers, where rack scripting software may currently rely on every device having the same password to function. IT people will have their work cut out for them setting up new networks with these restrictions.

    However, we applaud all efforts to make the internet a safer place, and we think SB-327 is just the beginning when it comes to regulating devices and the internet as a whole. With so much sensitive data being exchanged every day, it was a given that change was coming to do more to protect it.

    Also, while this bill only applies to devices in California, it’s likely product developers will opt to have it in effect for other states as well.

    With so many devices in our homes and offices connected and listening, it makes sense to give these devices stronger protection with a stricter password to block hackers. We would like to see a bill that goes even further, regulating firmware updates and requiring companies to better support the devices they produce.

    We outlined some of the pitfalls from companies failing to update router firmware in this previous blog post.

    As always, if you own a business in the Central Valley and are finding yourself trying to work with the new regulations from SB-327 or anything technology related, reach out to us for help or advice. We’re here to help.

    This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

    Looking for IT Services in Fresno, Modesto, Stockton, Ceres, Atwater, Merced, Visalia or Lodi? We cover all these areas and more!

  • This Malware is on Fire – Literally

    There is new malware out there that can trick your phone’s power brick into catching on fire.

    Cellphones and fires are not a new phenomenon; we all remember the debacle that was the Samsung Note 7. Due to the so-called “aggressive” battery design, phones worldwide were exploding. This led to a swift recall and caused quite a dent in their public image.

    However, the fires being started right now are no fault of the manufacturers and are not tied to a single brand. A recently discovered malware, named “BadPower” by the lab that discovered it, is causing cellphone power bricks across various brands to catch fire.

    [Image: melted cellphone. An example of one of the affected phones. Attribution: Nathanial Stern via Flickr]

    It works by tricking the adapter into sending more electricity to the phone than it can handle, which over time will melt the internal components and start a fire. Xuanwu Labs tested the BadPower malware with 35 different power bricks and discovered that 18 of those were vulnerable to the attack.

    What’s even worse, if your phone fell victim to this attack, there would be no external signs that it was happening; your power brick would just catch fire.

    As with many things, the solution to this problem is a firmware update provided by your cellphone manufacturer, and this is yet another solid reminder to always keep the software on your devices updated.

    Cellphones are not the only things vulnerable to attacks that may damage hardware. While most malware on computers is directed at stealing information, it’s technically possible for malware to cause your personal computer to overheat, thereby damaging its CPU.

    We may be entering a new age of malware that’s aimed purely at destruction rather than at the financial gain we’re accustomed to.

    In this case the best defense is a good offense, and if you’re a business located in the Central Valley, Valley TechLogic would love to be your strategic partner in protecting your business. Reach out today for a free cyber security assessment; in less than 30 minutes over the phone we can give you a place to start.

    If you’re not ready for the assessment, we also have our free one-page cyber security checklist that was recently updated for 2020. We think it’s a great resource for your business.
