No more admin and password: UK security tightening against hacker attacks

The UK intends to guarantee greater safety for consumers who buy connected technology products such as routers, smart speakers, smartphones and IoT devices, protecting them from possible hacker attacks. A law has been approved that is set to become a precedent, destined as it is to be taken as a starting point by other countries as well. It is called the Product Security and Telecommunications Infrastructure Bill (more simply: PSTI), and was approved by the British Parliament.

Did you know that four out of five connected device manufacturers do not take sufficient security measures when placing their products on the market? This means, for example, that the vast majority of routers arrive in stores with the classic username: admin and password: password.

Raise your hand if you have never found these two unimaginable words when configuring a network device. Well, British law wants to fight this carelessness, to guarantee consumers the maximum possible safety.

In particular, the PSTI will allow the government to ban universal default passwords, force companies to be transparent to customers about what they are doing to correct security flaws in connected products, and create a better public reporting system for vulnerabilities found in products.

It all stems from the mistaken belief that the devices on the market are safe by default: nothing could be more untrue, says the London government, and this puts consumers in danger by exposing them to potential hacking attacks and fraud.

Our bill will put a firewall in everyday technology, from smartphones to thermostats to dishwashers, baby monitors and doorbells, and includes hefty fines for those who fail to meet the new stringent safety standards.

The term safety, therefore, begins to assume a broader meaning even when the product is sold on the market. Security must be not only physical, but also – and today more and more – digital. The consumer must be placed in the most comfortable position when purchasing a connected device, be it a thermostat or router.

The law applies to all products that can be connected to the network, such as

  • smartphones
  • smart TVs
  • consoles
  • security cameras
  • alarm systems
  • smart toys
  • baby monitors
  • smart home hubs
  • voice assistants
  • smart appliances
  • smart bulbs
  • smart thermostats
  • fitness trackers

Vehicles, smart meters, charging points for electric cars, medical devices, PCs and second-hand products, on the other hand, are not covered. PCs are excluded as the market for their security solutions is already considered sufficiently mature. Devices such as smart bulbs or thermostats, on the other hand, were until now not covered by any guarantee of protection.

  • no more easy-to-guess usernames and passwords. They must be unique and not resettable (otherwise you fall back into the classic banalities …)
  • inform customers at the point of sale and keep them updated on the availability of security patches
  • manufacturers must create a public point of contact so that security researchers can report any bugs and risks more easily and promptly

Not following these rules could cost companies, stores (physical and online) and importers dearly: up to £10 million in fines (almost 12 million euros) or 4% of their global turnover, and up to 20,000 pounds (23.6 thousand euros) per day in the event of an ongoing infringement. It is also possible for the regulator to block the sale of a specific non-compliant product by withdrawing it from the market.
