The government has announced new legislation which forces internet-connected smart devices to meet minimum security standards.
The new regulation, which the government says is the first of its kind in the world, is designed to protect consumers against cyber threats by banning easily guessable default passwords such as “admin” or “1234”.
The move will force users that choose a common password to change it.
The government said this will help prevent threats like the damaging Mirai attack in 2016 which saw 300,000 smart products compromised due to weak security features.
“Today marks a new era where consumers can have greater confidence that their smart devices, such as phones and broadband routers, are shielded from cyber threats, and the integrity of personal privacy, data and finances better protected,” said data and digital infrastructure minister Julia Lopez. “Our pledge to establish the UK as the global standard for online safety takes a big step forward with these regulations, moving us closer to our goal of a digitally secure future.”
An investigation conducted by consumer champion Which? showed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.
Rocio Concha, Which? director of policy and advocacy, welcomed the news and said that the Office for Product Safety and Standards (OPSS) will need to take action.
“The OPSS must provide industry with clear guidance and be prepared to take strong enforcement action against manufacturers if they flout the law, but we also expect smart device brands to do right by their customers from day one and ensure shoppers can easily find information on how long their devices will be supported and make informed purchases,” she said.
David Emm, principal security researcher at cybersecurity firm Kaspersky said that the legislation builds on the 2018 Code of Conduct, adding that this failed to provide manufacturers with sufficient incentives to make their devices secure.
“Do not assume the new legislation is enough to protect your connected activities,” he added. “We advise that all customers use two factor authentication where possible on their connected devices, in addition to enabling encryption on their home routers.”
Recent Stories