High penalty for default passwords on IoT devices in the UK


To protect Internet-connected devices in British households from hacker attacks, Great Britain wants to introduce a new law to ban default passwords, as reported by the BBC.

A study by the UK consumer organization Which? previously showed that households with IoT devices could expect over 12,000 hacker attacks in a single week.

3 security requirements must be met

Hackers who access a device could subsequently attack an entire home network and steal personal data. The aim is to prevent this in the future with improved protection for smart devices.

3 security requirements must be met for IoT devices sold in the UK:

  • Default passwords that are easy to guess are forbidden. The devices require unique passwords and must not be resettable to a universal factory setting.

  • Manufacturers of IoT devices must make a public contact point available to consumers so that they can report vulnerabilities. The manufacturers have to respond promptly.

  • Manufacturers must also explicitly state, online or in-store, the minimum period for which the device will receive security updates.

Act does not apply to laptop and desktop devices

The law is aimed not only at product manufacturers, but also at companies that sell cheap tech imports. Companies that do not comply can expect high penalties.

As soon as the law comes into force, the supervisory authority may impose fines of up to 4 percent of total sales. Vehicles, measuring and medical devices, laptops and desktop computers are excluded from the law.
