Security-by-design is coming to UK smart devices as a new law comes into effect, forcing manufacturers to follow stricter regulations to protect consumers from cyber-threats.
The new law will ensure that manufacturers meet minimum-security standards on all smart devices, legally requiring them to protect consumers from hackers and cyber-criminals.
Manufacturers will be banned from having weak, easily guessable default passwords like ‘admin’ or ‘12345’ and if there is a common password the user will be promoted to change it on start-up.
This will help prevent threats like the damaging Mirai attack in 2016 which saw 300,000 smart products compromised due to weak security features and used to attack major internet platforms and services, leaving much of the US East Coast without internet.
Since then, similar attacks have occurred on UK banks including Lloyds and RBS leading to disruption to customers.
The move marks a significant step towards boosting the UK’s resilience towards cyber-crime, as recent figures show 99% of UK adults own at least one smart device and UK households own an average of nine connected devices. The new regime will also help give customers confidence in buying and using products, which will in turn help grow businesses and the economy.
An investigation conducted by Which? showed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.
“As every-day life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater,” minister for cyber, Viscount Camrose said.
“From today, consumers will have greater peace of mind that their smart devices are protected from cyber criminals, as we introduce world first laws that will make sure their personal privacy, data and finances are safe.
“We are committed to making the UK the safest place in the world to be online and these new regulations mark a significant leap towards a more secure digital world.”
With 57% of households owning a smart TV, 53% owning a voice assistant and 49% owning a smart watch or fitness wristband, this new regime reinforces the government’s commitments to addressing these threats to society and the economy head on.
The laws are coming into force as part of the Product Security and Telecommunications Infrastructure (PSTI) regime, which has been designed to improve the UK’s resilience from cyber-attacks and ensure malign interference does not impact the wider UK and global economy.
The new measures will also introduce a series of improved security protections to tackle the threat of cyber-crime, including banning easily guessable passwords.
Further, manufacturers will have to publish contact details so bugs and issues can be reported and dealt with, and they must be open with consumers on te minimum time they can expect to receive important security updates.
“Today marks a new era where consumers can have greater confidence that their smart devices, such as phones and broadband routers, are shielded from cyber threats, and the integrity of personal privacy, data and finances better protected,” data and digital infrastructure minister, Julia Lopez, said.
Recommended reading
“Our pledge to establish the UK as the global standard for online safety takes a big step forward with these regulations, moving us closer to our goal of a digitally secure future.”
National Cyber Security Council (NCSC) deputy director for economy and society, Sarah Lyons, added “Smart devices have become an important part of our daily lives, improving our connectivity at home and at work; however, we know this dependency also presents an opportunity for cyber criminals.
“Businesses have a major role to play in protecting the public by ensuring the smart products they manufacture, import or distribute provide ongoing protection against cyber-attacks and this landmark Act will help consumers to make informed decisions about the security of products they buy.
“I encourage all businesses and consumers to read the NCSC’s point of sale leaflet, which explains how the new Product Security and Telecommunications Infrastructure (PSTI) regulation affects them and how smart devices can be used securely.”
Related
This post was originally published on the 3rd party site mentioned in the title of this this site