New British law will hit manufacturers of smart home devices with heavy penalties for using default passwords

The UK has introduced the Product Safety and Telecommunications Infrastructure Act (PSTI), a set of new regulations designed to improve the security of smart home devices, the government has announced. The rules will prohibit default passwords that are easy to guess, require disclosure of the date of release of security updates and much more – under penalty of heavy fines.

The new rules were originally proposed last year, after a long period of consultation, and are largely unchanged. The first is a ban on default passwords that are easy to guess, including classics like “password” and “admin”. All passwords that come with new devices “must be unique and cannot be reset to any universal factory settings,” the law states.

“Most of us assume that the product for sale is safe and secure. However, many are not, which puts too many of us at risk of fraud and theft,” said British Minister Julia Lopez. “Our law will set up a firewall around everyday technology, from telephones and thermostats to dishwashers, baby monitors and doorbells, and provide huge penalties for those who violate strict new safety standards.”

Next, manufacturers must tell customers at the point of sale, and keep them updated, about the minimum time for which the product will receive security patches and updates. If the product does not come with them, that fact must be disclosed. Finally, manufacturers must provide a public point of contact for security researchers so that they can easily report flaws and bugs.

The government hopes to limit attacks on home devices, citing 1.5 billion attempts to compromise Internet of Things (IoT) devices in the first half of 2020 alone. An example is the 2017 attack in which hackers stole data from a casino by attacking an aquarium connected to the Internet. It adds that “in extreme cases, enemy groups took advantage of poor security features to access people’s webcams.”

The rules will be overseen by a regulator who will be appointed when the bill comes into force. The fines could reach up to £10 million ($13.3 million) or 4 per cent of the company’s gross revenue, with up to £20,000 a day charged for ongoing offenses. The law applies not only to manufacturers, but also to companies that import technological products into the UK. Products include smartphones, routers, security cameras, game consoles and home speakers, along with internet-enabled devices and toys.


Naveen Kumar
