In April of 2024, new legislation from the UK National Cyber Security Centre went into effect, banning smart device manufacturers from supplying devices with easily-guessable default passwords. A simple but effective attack involves attackers logging into smart devices using well-known default passwords, which many smart device owners do not bother to change. This attack is commonly used to create “botnets” — networks of compromised computers used to launch distributed denial of service (DDoS) attacks on internet servers. By banning manufacturers from setting weak default passwords, the UK hopes to hinder the growth of these botnets.
