The UK government submits a bill prohibiting the default setting of easy passwords such as 'password' and 'admin'



The UK Government has announced that it has submitted a 'Product Security and Telecommunications Infrastructure (PSTI) Bill' to Parliament aimed at improving the security of smart home devices. The bill prohibits setting default passwords for digital devices such as smartphones, TVs, and smart speakers with easy-to-guess strings such as 'password' and 'admin,' and imposes severe fines on violating companies. increase.

New cyber laws to protect people's personal tech from hackers --GOV.UK
https://www.gov.uk/government/news/new-cyber-laws-to-protect-peoples-personal-tech-from-hackers



New UK law will hit smart home device makers with big fines for using default passwords | Engadget
https://www.engadget.com/uk-law-imposes-stiff-fines-on-insecure-smart-home-devices-200031873.html

The UK government predicts that the usage of high-tech products that can connect to the Internet has increased dramatically in recent years, with up to 50 billion devices used worldwide by 2030. However, only about 20% have appropriate security measures in place for these connectable products, the UK government says. The UK's National Cyber Security Center reports that in the first half of 2021, there were 1.5 billion breaches of IoT devices in the UK, and the number of damages has already almost doubled in 2020. ..

The PSTI bill submitted this time was drafted in 2020, prohibiting the use of easy-to-guess default passwords, including classic ones such as 'password' and 'admin', and 'passwords are unique to the device and shipped from the factory. It must be something that cannot be reset to the time setting. ' Products subject to regulation are IoT-compatible home appliances such as smartphones, routers, surveillance cameras, game machines, home speakers, baby monitors, washing machines, and refrigerators. It also covers products that do not have a direct internet connection, such as smart light bulbs and wearable fitness trackers.



Manufacturers are required to inform their customers of the minimum required period for security patches and updates at the time of sale and to keep them up to date. If your product does not contain security patches or updates, you must disclose that fact. Manufacturers also need to have a contact point for security researchers who discover bugs and vulnerabilities. Violators will be fined up to £ 10m or 4% of total sales, and if they continue to violate, they will be fined up to £ 20,000 a day. ) Will be fined. The law also applies not only to manufacturers, but also to retailers that import and sell high-tech products to the United Kingdom.

Julia Lopez, Minister of Media, Data and Digital Infrastructure in the United Kingdom, said, 'Hackers are trying to break into people's smart devices every day. We tend to think that the products on sale are safe and secure. But it's actually at risk of fraud and theft. The PSTI bill sets strict security standards for everyday technologies, from phones and heating to dishwashers and doorbells, which can be huge for those who violate them. I will be fined. '

in Security, Posted by log1i_yk