New UK law to hit home smart device makers with heavy fines for using default passwords

The UK has introduced the Product Safety and Telecommunications Infrastructure Bill (PSTI), a series of new regulations designed to improve the security of smart home devices, the government said. The rules ban easy-to-guess default passwords, require disclosure of release dates for security updates, and more, with hefty fines for violations.

The new rules were originally proposed last year, after a long period of consultation, and are largely unchanged. The first is a ban on easy-to-guess default passwords, including classic passwords like “password” and “admin”. All passwords provided with new devices will have to “be unique and not be able to be reset to a universal factory setting,” the law says.

“Most of us assume that if a product is for sale, it is safe and secure. Yet many are not, which puts too many of us at risk of fraud and theft,” said British Minister Julia Lopez. “Our bill will put a firewall around everyday technology, from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who violate strict new security standards.”

Next, manufacturers should tell customers at the point of sale, and keep them informed, of the minimum length of time for which the product will receive security patches and updates. If the product does not come with them, this fact should be disclosed. Finally, manufacturers must provide a public point of contact for security researchers so that they can easily disclose flaws and bugs.

The government hopes to curb attacks on home devices, citing 1.5 billion attempts to compromise Internet of Things (IoT) devices in the first half of 2020 alone. As an example, it cited a 2017 attack in which hackers stole data from a casino by attacking an aquarium connected to the Internet. It added that “in extreme cases, hostile groups have taken advantage of poor security features to access people’s webcams.”

The rules will be overseen by a regulator who will be appointed once the bill goes into effect. Fines could reach up to £10 million ($13.3 million) or 4% of a company’s gross turnover, with up to £20,000 per day for pending offenses. The law applies not only to manufacturers, but also to companies that import technology products into the UK. Products include smartphones, routers, security cameras, game consoles and home speakers, as well as internet-connected devices and toys.
