New UK IoT law means huge fines and a ban on default passwords

Graham CLULEY

November 25, 2021


The United Kingdom government has introduced new legislation designed to improve the security of "smart" internet-connected devices used in people's homes.

With all manner of Internet of Things (IoT) gizmos - from smart TVs and internet-connected light bulbs to smart speakers and IoT washing machines - cluttering millions of Britons' homes, the Product Security and Telecommunications Infrastructure (PSTI) Bill requires manufacturers and sellers of IoT devices and gadgets to meet new cybersecurity standards to better protect customers' privacy and security.

The UK says that the new legislation will allow it to force firms into being transparent with customers about what they are doing to fix security flaws, create a better public reporting system for vulnerabilities, and ban universal default passwords.

And any organisation which fails to abide by the rules once the new bill comes into force could find itself fined up to £10 million or 4% of its global turnover, as well as up to £20,000 a day in the case of an ongoing contravention.

In addition, a newly-created regulator will be able to require companies that fail to comply with security requirements to recall products, or stop selling or supplying them altogether.

Holding manufacturers and vendors to account for the poor quality of their internet-connected devices is long overdue, with an average UK household owning nine connected tech products.

According to the bill, devices that will have to abide by the new security requirements include:

  • smartphones
  • connected cameras, TVs and speakers
  • connected children’s toys and baby monitors
  • connected safety-relevant products such as smoke detectors and door locks
  • Internet of Things base stations and hubs to which multiple devices connect
  • wearable connected fitness trackers
  • outdoor leisure products, such as handheld connected GPS devices that are not wearables
  • connected home automation and alarm systems
  • connected appliances, such as washing machines and fridges
  • smart home assistants

Other internet-connected devices - such as cars, smart meters, medical devices, and desktop and laptop computers - do not appear to fall within the bill's remit.

"Every day hackers attempt to break into people's smart devices. Most of us assume if a product is for sale, it's safe and secure. Yet many are not, putting too many of us at risk of fraud and theft," said Julia Lopez, the UK minister for media, data and digital infrastructure. "Our bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards."

Will this legislation be enough to stop IoT devices being sold that lack proper security? Definitely not. But it is an important step in the right direction, and if the UK government evolves the law to handle the ever more complex world of security flaws, there is hope that things will begin to get better.
