UK Aims to Now Ban Universal Default Passwords!

The UK Govt. seeks to ban universal default passwords, force companies to be more transparent about fixing security flaws & introduce big fines for failure to comply.

The Product Security & Telecommunications Infrastructure Bill, introduced to the UK Parliament, is drafted to better protect consumers from attacks by malicious hackers on their phones, tablets, smart TVs, fitness trackers, & other internet of things (IoT) devices.

Smart Devices

“Every day hackers attempt to break into people’s smart devices. Most of us assume if a product is for sale, it is safe & secure. Yet many are not, putting too many of us at risk of fraud & theft.

Our Bill will put a firewall around everyday tech from phones & thermostats to dishwashers, baby monitors & doorbells, & see huge fines for those who fall foul of tough new security standards,” Minister for Media, Data & Digital Infrastructure Julia Lopez explained in a press release.

The Bill applies to products that can access the internet, e.g. game consoles, security cameras, alarm systems, baby monitors, & many others.

Exceptions

The Govt. intends to exempt products, such as vehicles, smart meters, electric vehicle charging points, & medical devices, as they would become subject to double regulation, which would not lead to increased security.

Desktop & laptop computers are also not in scope as they are “served by a mature antivirus software market, unlike smart speakers & other emerging consumer tech.”

A new law will require manufacturers, importers, & distributors to meet new cyber-security standards.

It will allow the Govt. to ban universal default passwords, force companies to be more transparent with consumers about vulnerabilities & patches & create a better public reporting system for flaws discovered in various products.

Scanning Attacks

The press release states that, on average, there are 9 connected tech products in every household.

Consumers wrongly assume they are safe, when in fact, recent research by Which? found that a home filled with smart devices could be exposed to more than 12,000 hacking or unknown scanning attacks from across the world in a single week.

New Law Proposals:

  1. A ban on easy-to-guess default passwords that come preloaded on devices – such as ‘password’ or ‘admin’ – which are a target for hackers. All passwords that come with new devices will need to be unique & not resettable to any universal factory setting.
  2. A requirement for connectable product manufacturers to tell customers at the point of sale & keep them updated about the minimum amount of time a product will receive vital security updates & patches. If a product does not come with security updates, that must be disclosed.

This will increase people’s awareness about when the products they buy could become vulnerable so they can make better-informed purchasing decisions. Nearly 80% of these firms do not have any such system in place.

  3. New rules that require manufacturers to provide a public point of contact to make it simpler for security researchers & others to report when they discover flaws & bugs in products.

Fines

Companies that do not abide by the law could face a fine of up to £10m or 4% of their global turnover, as well as up to £20k a day in the case of an ongoing contravention.

The new law will apply to manufacturers, physical shops, & online retailers, who will be forbidden from selling products to UK customers unless they meet the security requirements & will be required to pass essential information about security updates on to customers.
