All internet connected smart devices will be required to meet minimum security standards under what the UK government has dubbed as “world first” laws, effective from Monday to protect consumers and businesses from hacking and cyber-attacks.
Under the new regime, manufacturers will be banned from having weak, easily guessable default passwords like “admin” or “12345” and if there is a common password, the user will be prompted to change it on start-up. An investigation conducted by the Which? consumer group found that a UK home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.
“From today, consumers will have greater peace of mind that their smart devices are protected from cyber criminals, as we introduce world first laws that will make sure their personal privacy, data and finances are safe,” said UK Minister for Cyber Viscount Camrose, Jonathan Berry. The UK’s Department for Science, Innovation and Technology said under the new legal requirement, manufacturers must protect consumers from hackers and cyber criminals from accessing devices with internet or network connectivity – from smartphones to games consoles and connected fridges. It said the new laws are part of the British government’s GBP 2.6-billion National Cyber Strategy to protect and promote Britain online. “Our pledge to establish the UK as the global standard for online safety takes a big step forward with these regulations, moving us closer to our goal of a digitally secure future,” said UK Data and Digital Infrastructure Minister Julia Lopez.
The government said the new laws are coming into force as part of the Product Security and Telecommunications Infrastructure regime, which has been designed to improve the UK’s resilience from cyber-attacks and ensure malign interference does not impact the wider UK and global economy.
Besides password security, manufacturers will have to publish contact details so bugs and issues can be reported and dealt with, and retailers will be required to be open with consumers on the minimum time they can expect to receive important security updates.