The United Kingdom Parliament is introducing new legislation to “protect people’s personal tech from hackers”. This includes banning universal default passwords and making sure manufacturers, importers, and distributors of digital tech meet “tough new cyber security standards”.
“Consumers will be better protected from attacks by hackers on their phones, tablets, smart TVs, fitness trackers and other internet-connectable devices thanks to a new world-leading law introduced today by the government,” wrote the UK government’s Department for Digital, Culture, Media & Sport in a press release.
The bill, called The Product Security and Telecommunications Infrastructure Bill (PSTI), would require all internet-connected gadgets to have unique passwords. It would also prohibit passwords from being reset to “factory defaults”. According to the press release, the bill would also force companies to increase transparency around when their products require security updates and patches.
The government intends to exempt some products like vehicles, smart meters, electric vehicle charging points, and medical devices. This is because these items don’t need material improvements in product or user security. Desktop and laptop computers are not in scope, either. They are served by the antivirus software market, unlike smart speakers and other emerging consumer tech.
Companies that refuse to comply with the security standards could reportedly face fines of GBP 10 million (RM56 million), or four percent of their global revenues. In addition, the fine could go up to GBP 20,000 (RM1.1 million) a day in the case of an ongoing contravention.
In the first half of 2021, the UK government reported that there were 1.5 billion attempted compromises of Internet of Things (IoT) devices, double the 2020 figure. They also cited a recent investigation that revealed that a home filled with smart devices “could be exposed to more than 12,000 hacking or unknown scanning attacks from across the world in a single week”.
“Every day hackers attempt to break into people’s smart devices. Most of us assume if a product is for sale, it’s safe and secure. Yet many are not, putting too many of us at risk of fraud and theft… Our Bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards,” said the UK’s Minister for Media, Data and Digital Infrastructure, Julia Lopez.
The new legislation would attempt to solve the problem of weak IoT passwords in things like smart home items, which have increasingly been susceptible to attackers. According to a 2020 report by cybersecurity company Symantec, 55% of IoT passwords used in IoT attacks were “123456.” Another 3% of the attacked devices featured the password “admin.”