UK manufacturers will be banned from setting default passwords on IoT devices

By: Yuriy Stanislavskiy | 25.11.2021, 10:23

Default passwords are to disappear entirely from Internet-connected devices, and companies that do not comply face hefty fines. This follows from a new law being prepared by the UK government.

The law targets so-called "smart" devices in people's homes and aims to protect them from being broken into. A recent study by the consumer advocacy organization Which? found that homes filled with smart devices can face more than 12,000 attacks a week.

Cybercriminals are increasingly targeting smart home appliances such as televisions, speakers and Internet-connected dishwashers. One vulnerable device is enough for hackers to gain access to your entire home network and steal sensitive personal data.

What is spelled out in the new law:

  • Easily guessed default passwords preset on devices are banned. All products now require unique passwords that cannot be reset to factory defaults;
  • When purchasing a device, consumers must be told the minimum period during which it will receive vital updates and security patches. If the product will receive neither, this must also be explicitly stated;
  • A dedicated contact point will be created where security researchers can report flaws and bugs.

The new regime will be overseen by a regulator to be appointed once the bill enters into force. It will have the power to fine companies up to £10 million, or 4% of their global turnover, and up to £20,000 a day for ongoing violations.

The devices covered by the new law include routers, security cameras, game consoles, home speakers, home appliances and toys with an Internet connection. It does not cover vehicles, smart meters, medical devices, or desktop and laptop computers.

Source: BBC

Illustrations: jeferrb