However, it will be illegal by a new California law, to manufacture or sell IoT devices without a unique password, or a feature that force to users to set their own password when they used for the first time and the law will go in effect by 1st January, 2020. The California law overlays a wide range of devices, it could be any device that connects to the internet, and have an IP address or Bluetooth address.
Through the law, California is trying to diminish the harness of most destructive cyber attacks. Because many of unsecured and IoT devices are continually accessed and controlled by hackers, who transmit millions of comprised devices into a certain server and devastate it. This process called a DDoS attack (Distributed Denial of Service) and has destructed services like Amazon, Twitter, and Netflix.
While in May, the US Department of Homeland Security and Commerce tried to tackle those botnets, however, it wouldn’t figure out the problem, because the hardware is being controlled from all across the world. Though, the new California law might be the initial step to bandage the common flaw in the technology.