The National Telecommunications Agency (Anatel) published, on the last 5th, its first act aimed at cybersecurity of telecommunications equipment, Act 77/2021, which, among several measures to reduce vulnerabilities, determines that new WiFi routers and others products connected to the internet may not have easy passwords.
Issued by the Superintendence of Grants and Installment Resources, the new act aims to “establish a set of cybersecurity requirements for telecommunications equipment in order to minimize or correct vulnerabilities through software / firmware updates or through configuration recommendations”.
With the new regulation, Anatel intends to approve only new products developed with the concept “security by design”, that is, hardware or software systems designed, from the first stages of its design, to become as free as possible from vulnerabilities.
One of the most expressive aspects of Act 77/2021 is that it determines that any type of cybersecurity flaw found in equipment already approved by the regulatory agency, and that affect the safety of its users, providers or telecommunications networks, is evaluated by Anatel .
The end of easy passwords
For those who are already used to using the username and password “admin” to log in to the router, it is better to get used to the new rules, which also do not allow blank or weak passwords, and not even that several equipment of a certain brand leave. factory the same password.
As a result, the MAC (Media Access Control) address, determined by several manufacturers as a password, must be changed when first using the product, which must not admit credentials derived from easily accessible information.
During software updates, the new act determines that the equipment has automated and secure mechanisms that inform the user about the changes implemented in the updates.
In cases of remote management, the regulation requires that all devices have adequate authentication and encryption methods, in addition to control mechanisms that limit access to the particular sources involved.