UK government announces `` regulations to abolish the default password of IoT devices ''
by
In recent years, IoT devices that perform various functions by connecting to the Internet have become widespread in ordinary households. Meanwhile, in the UK, in order to improve the security of IoT devices, a 'regulation to abolish the factory default password for IoT devices' has been set.
Government to strengthen security of internet-connected products-GOV.UK
https://www.gov.uk/government/news/government-to-strengthen-security-of-internet-connected-products
Why the UK is banning default passwords in IoT devices-NS Tech
https://tech.newstatesman.com/security/uk-banning-default-passwords
IoT security: Your smart devices must have these three features to be secure | ZDNet
https://www.zdnet.com/article/iot-security-your-smart-devices-must-have-these-three-features-to-be-secure/
Sales of IoT devices, including home appliances such as washing machines and refrigerators and AI assistants, are increasing year by year, and it is expected that 7.5 billion IoT devices will be installed worldwide by 2025. However, with the spread of IoT devices, a problem has been the security vulnerabilities of IoT devices.
'IoT devices without security holes are everywhere in the market,' said Nicole Eagan, CEO of security firm Darktrace. There have been reports of casino customer lists leaking from IoT thermostats that control the temperature of aquarium fish tanks, and cases of hijacking robotic vacuum cleaners with cameras and abusing them as indoor surveillance cameras.
Hackers can also hijack IoT devices and launch DDoS attacks . In 2016, it was also found that hackers who hijacked more than 500,000 IoT devices and built botnets were conducting unprecedented DDoS attacks at 1 terabit per second.
60 bad passwords that triggered a DDoS attack `` Mirai '' that hijacked 500,000 IoT devices-gigazine
Meanwhile, the UK's Ministry of Digital, Cultural, Media and Sports has announced regulations that require that consumer smart devices sold in the UK meet three security requirements:
◆ 1: All consumer devices connected to the Internet must have a unique password and cannot be reset to a common factory setting.
◆ 2: Manufacturers of consumer IoT devices need to publish contacts so that anyone can report vulnerabilities, and address the vulnerabilities immediately.
* 3: Manufacturers of consumer IoT devices must specify the shortest time period within which devices can receive security updates, either over-the-counter or online.
by halfpoint
Many IoT devices come with a simple default password that cannot be changed, but keeping the factory default password is a security concern. Also, there are cases where there is no way to contact the manufacturer if consumers notice security vulnerabilities. In addition, if a security update on a purchased product suddenly stops, a consumer-owned IoT device can also be a security hole. The new regulations are being made to prevent problems with these IoT devices, and products that do not comply may be suspended from selling in the UK.
The regulation was developed in collaboration between the industry and the National Cyber Security Center (NCSC) , a state-run cybercrime center. At the time of writing, it is unknown what kind of law the new regulations will be enforced, but the government will support the long-term growth of the IoT while effectively protecting consumers He seems to be aiming to realize the law.
`` Since smart technology is becoming the center of our lives, regulations to better protect us are welcome, '' said Nicola Hudson, director of policy and public relations at the NCSC. It's secure and gives consumers the peace of mind that issues such as pre-set passwords and security update outages are a thing of the past. '
by methodshop
'Our goal is to make Britain one of the world's leading digital economies, but to achieve this ambition, we need people to do so,' said Matt Warman , Deputy Secretary of State at the Ministry of Digital, Culture, Media and Sports. Must be able to trust the technology. ' Warman said he wanted the UK to be a safe online place without disrupting innovation with new regulations.
Related Posts: