2 min read

New UK IoT law means huge fines and a ban on default passwords

Graham CLULEY

November 25, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
New UK IoT law means huge fines and a ban on default passwords

The United Kingdom government has introduced new legislation designed to improve the security of "smart" internet-connected devices used in people's homes.

With all manner of Internet of Things (IoT) gizmos - from smart TVs and internet-connected light bulbs to smart speakers and IoT washing machines - cluttering millions of Britons' homes, the Product Security and Telecommunications Infrastructure (PSTI) Bill requires manufacturers and sellers of IoT devices and gadgets to meet new cybersecurity standards to better protect customers' privacy and security.

The UK says that the new legislation will allow it to force firms into being transparent with customers about what they are doing to fix security flaws, create a better public reporting system for vulnerabilities, and ban universal default passwords.

And any organisation which fails to abide by the rules once the new bill comes into force could find itself fined up to £10 million or 4% of their global turnover, as well as up up to £20,000 a day in the case of an ongoing contravention.

In addition, a newly-created regulator will be able to require companies that fail to comply with security requirements to recall products, or stop selling or supplying them altogether.

Holding manufacturers and vendors to account for the poor quality of their internet-connected devices is long overdue, with an average UK household owning nine connected tech products.

According to the bill, devices that will have to abide by the new security requirements include:

  • smartphones
  • connected cameras, TVs and speakers
  • connected children’s toys and baby monitors
  • connected safety-relevant products such as smoke detectors and door locks
  • Internet of Things base stations and hubs to which multiple devices connect
  • wearable connected fitness trackers
  • outdoor leisure products, such as handheld connected GPS devices that are not wearables
  • connected home automation and alarm systems
  • connected appliances, such as washing machines and fridges
  • smart home assistants

Other internet connected devices - such as cars, smart meters, medical devices, and desktop and laptop computers - do not appear to fall within the bill's remit.

"Every day hackers attempt to break into people's smart devices. Most of us assume if a product is for sale, it's safe and secure. Yet many are not, putting too many of us at risk of fraud and theft," said Julia Lopez, the UK minister for media, data and digital infrastructure. "Our bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards."

Will this legislation be enough to stop IoT devices being sold that lack proper security?  Definitely not. But it is an important step in the right direction, and if the UK government evolves the law to handle the ever more complex world of security flaws, there is hope that things will begin to get better.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read