The bill would also expand legal protections for security researchers who hunt for vulnerabilities.

A bipartisan group of senators have introduced legislation aimed at securing internet-connected smart devices, which were at the center of a massive cyberattack that brought down large swathes of the internet last year.

The distributed denial-of-service in October lasted for less than a day, but it further fueled concerns about threats posed by insecure and easily hijacked so-called Internet of Things (IoT) devices, thanks to an industry-wide apathy toward supplying devices with even the most basic security.

The new bill, introduced by Sens. Mark Warner (D-VA) and Cory Gardner (R-CO), will require suppliers of devices to the federal government to adhere to a level of industry-wide security practices, such as ensuring that devices, like wearables and smart sensors, can be patched with security fixes. The bill will prohibit devices from including hard-coded and unchangeable usernames and passwords, long seen as one of the primary ways malware can break in and hijack devices...


Read more: Senators introduce bill to secure Internet of Things devices | ZDNet