2 min read

New UK IoT law means huge fines and a ban on default passwords

Graham CLULEY

November 25, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
New UK IoT law means huge fines and a ban on default passwords

The United Kingdom government has introduced new legislation designed to improve the security of "smart" internet-connected devices used in people's homes.

With all manner of Internet of Things (IoT) gizmos - from smart TVs and internet-connected light bulbs to smart speakers and IoT washing machines - cluttering millions of Britons' homes, the Product Security and Telecommunications Infrastructure (PSTI) Bill requires manufacturers and sellers of IoT devices and gadgets to meet new cybersecurity standards to better protect customers' privacy and security.

The UK says that the new legislation will allow it to force firms into being transparent with customers about what they are doing to fix security flaws, create a better public reporting system for vulnerabilities, and ban universal default passwords.

And any organisation which fails to abide by the rules once the new bill comes into force could find itself fined up to £10 million or 4% of their global turnover, as well as up up to £20,000 a day in the case of an ongoing contravention.

In addition, a newly-created regulator will be able to require companies that fail to comply with security requirements to recall products, or stop selling or supplying them altogether.

Holding manufacturers and vendors to account for the poor quality of their internet-connected devices is long overdue, with an average UK household owning nine connected tech products.

According to the bill, devices that will have to abide by the new security requirements include:

  • smartphones
  • connected cameras, TVs and speakers
  • connected children’s toys and baby monitors
  • connected safety-relevant products such as smoke detectors and door locks
  • Internet of Things base stations and hubs to which multiple devices connect
  • wearable connected fitness trackers
  • outdoor leisure products, such as handheld connected GPS devices that are not wearables
  • connected home automation and alarm systems
  • connected appliances, such as washing machines and fridges
  • smart home assistants

Other internet connected devices - such as cars, smart meters, medical devices, and desktop and laptop computers - do not appear to fall within the bill's remit.

"Every day hackers attempt to break into people's smart devices. Most of us assume if a product is for sale, it's safe and secure. Yet many are not, putting too many of us at risk of fraud and theft," said Julia Lopez, the UK minister for media, data and digital infrastructure. "Our bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards."

Will this legislation be enough to stop IoT devices being sold that lack proper security?  Definitely not. But it is an important step in the right direction, and if the UK government evolves the law to handle the ever more complex world of security flaws, there is hope that things will begin to get better.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

2.2 Million Patients Affected by Data Breach in Pediatric Software Vendor 2.2 Million Patients Affected by Data Breach in Pediatric Software Vendor
Silviu STAHIE

December 07, 2022

1 min read
Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read