UK bans universal default passwords for connected objects, fines await those who do not comply

The UK now bans universal default passwords for IoT or Internet of Things devices under its new law. In addition, heavy penalties await companies that disobey and fail to comply.

(Photo: by Leon Neal / Getty Images)
LONDON, ENGLAND – AUG 09: In this photo illustration, a woman is silhouetted against a projection of a password login dialog box on August 09, 2017 in London, England. With so many areas of modern life requiring identity verification, online security remains a constant concern, especially in the wake of the recent wave of global hacks.

UK bans universal default passwords for connected objects

The UK Parliament passed the new law, which expressed its aversion to default passwords, to prevent them from being reset after the device was restored to factory settings, according to the Gizmodo report.

Instead, the bill called The Product Security and Telecommunications Infrastructure Bill or PSTI now requires tech companies to use unique passwords for IoT home devices.

UK Media, Data and Digital Infrastructure Minister Julia Lopez said in a statement that cyber attacks or hackers try to “break into people’s smart devices” in alarming ways on a daily basis.

Lopez further noted that consumers have a false sense of security when it comes to products sold in the market. Instead, these devices “put many of us at risk of fraud and theft.”

Meanwhile, according to the BBC article, a recent study by the consumer watchdog titled “Which?” have shown that smart home devices are exposed to thousands of cyber attacks, compromising homeowner security.

To be precise, there are potentially around 12,000 attacks on IoT devices every week, according to recent research.

That said, a security expert told the BBC that banning default passwords was the “first step” to further prevent such attacks.

On top of that, another report from cybersecurity firm Symantec in 2020 also showed that universal IoT passwords expose home devices to cyber attacks.

The study then found that 55% of IoT attacks used the default password “123456”. On the other hand, 3% of hacking incidents were infiltrated by another universally used password, “admin”.

Default passwords and fines

That said, the UK’s PSTI bill aims to increase the security of smart home devices by punishing tech companies that use universal passwords by default.

The high fine that the British nation is imposing is no joke.

In fact, companies that fail to meet new security standards in the region will have to pay $ 11.2 million or € 10 million.

Not to mention, the penalty could be more costly as there is also an option to base it on the tech firm’s global revenue of up to four percent.

Read also: UK Watchdog surveys Apple and Google on how they reach the age range of its users

UK law requires more transparency in security updates

On top of that, the new law also requires tech companies to be more transparent about both security patches and updates to their smart home products.

It should be noted that the bill further claimed that only 20% of IoT companies practiced transparency for their security updates. As such, the new law is poised to change those numbers.

Associated article: North Korean-backed hackers allegedly modified malware to violate US, UK and other countries

This article is the property of Tech Times

Written by Teejay Boris

2021 All rights reserved. Do not reproduce without permission.

About Marion Browning

Check Also

San Diego County COVID Vaccination Clinics Now Accepting More IDs

San Diego County has changed its public COVID-19 vaccination policy to indicate that its vaccination …