Hefty fines and default password ban in the new UK law
by Jane Wakefield
The government has introduced new legislation to protect smart devices in people’s homes from hackers.
Recent research from the consumer watchdog Which? suggested that homes filled with smart devices could be exposed to more than 12,000 attacks in just one week.
Default passwords for internet-connected devices will be banned and companies that don’t comply will face hefty fines.
One expert said it was an important “first step”.
Cybercriminals are increasingly targeting products like internet-connected phones and smart TVs, home speakers, and dishwashers. Hackers who can gain access to a vulnerable device can then access entire home networks and steal personal data.
In 2017, for example, hackers stole data from a US casino via an internet-connected aquarium. There have also been reports of people accessing home webcams and talking to family members.
And poor security on a home Wi-Fi router may have been behind the uploading of illegal child abuse images from a home network that led police to accuse an innocent couple of the crime.
While there are strict rules on protecting people from physical harm, such as overheating, sharp components, or electric shock, there are no such rules for cyber breaches.
The Product Security and Telecommunications Infrastructure Bill establishes three new rules:
- easy-to-guess default passwords preloaded on devices are banned. All products now require unique passwords that cannot be reset to a factory default
- customers should be told, when purchasing a device, the minimum time for which it will receive vital security updates and patches. If a product doesn’t get either, that too needs to be disclosed
- security researchers will have a public contact point to report defects and bugs
The new regime will be overseen by a regulator, which will be appointed once the bill comes into effect. It will have the power to fine companies up to £10 million or 4% of their global turnover, as well as up to £20,000 per day for ongoing violations.
The rules apply not only to manufacturers of digital products, but also to companies that sell cheap technology imports to the UK.
Its scope includes a range of devices, from smartphones, routers, security cameras, game consoles and home speakers to Internet-enabled appliances and toys.
But it doesn’t include vehicles, smart meters and medical devices. Desktop and laptop computers are also not within its purview.
Julia Lopez, Minister for Media, Data and Digital Infrastructure, said: “Every day hackers try to break into people’s smart devices. Most of us think that if a product is on sale, it’s safe and secure. Yet many are not, putting too many of us at risk of fraud and theft.
“Our bill will put a firewall around everyday technology, from telephones and thermostats to dishwashers, baby monitors and doorbells, and will see hefty fines for those who fail to meet the new stringent safety standards.”
Ken Munro of security firm Pen Test Partners has highlighted many vulnerabilities in Internet-connected devices. He told the BBC that the legislation was “a big step in the right direction”.
“However, it is important for the government to recognize that this is only the first step. These laws will need continuous improvement to address more complex security problems in smart devices,” he said.
Which? said it is critical that the rules apply to online marketplaces where it has “often found security risk products sold on a large scale.”
A separate piece of legislation that gained Royal Assent last week – the Telecommunications (Security) Act – will give Ofcom new powers to monitor the security of telecommunications networks. Fines of up to 10% of turnover or £100,000 per day can be issued for those who do not meet the standards.
The government described it as “a significant step” to protect the UK from hostile activity by state or criminal actors.
Over the past two years, the government has attributed a series of cyber attacks to Russia, China, North Korea and Iran.
This article is sourced from BBC News.