No Comments

In historic act, Anatel prohibits sale of routers with easy or standardized passwords


In a historic and unique decision in the world, the National Telecommunications Agency (Anatel) has just sanctioned Act No. 77 of January 5, 2021, which provides for new rules for the commercialization of routers in Brazilian territory. Following the Cybersecurity Regulation Applied to the Telecommunications Sector, the equipment now needs to meet a series of requirements to be approved for sale in Brazil.

The first – and most interesting of them – is that no router marketed here will be able to “use initial credentials and passwords to access its configurations that are the same among all devices produced”. This means the definitive end of control panels with standardized logins easy to guess as “admin”, since the regulation also provides that the manufacturer will have to “force, in the first use, the change of the initial password to access the equipment configuration”.

In addition, factory passwords cannot be derived from easily obtainable information (such as MAC addresses), the system cannot accept the registration of easy credentials, it must not store cryptographic keys in the firmware itself. and should have native tools against brute force attacks. In addition, each and every product must guarantee, at least, two years of updates and security patches for the customer from its launch date, while maintaining a history of the identified vulnerabilities.

Anatel’s decision can be considered revolutionary because, although it only concerns devices that want approval for sale in Brazil, it is very likely that manufacturers adapt their devices globallythus creating a universal security standard for routers that will eliminate the problem of weak credentials once and for all. The act comes into force 180 days after its publication.

Source: Anatel

See the original post at:

You might also like

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.