In the new UK law, there are huge penalties and an outright ban on default passwords

By Jane Wakefield
Technology reporter

Image source, Getty Images
Image caption

With more connected products to the internet, homes are becoming smarter

New legislation has been introduced by the government to prevent smart devices from being stolen.

Which? recently conducted research. Research by Which suggests that smart-device-equipped homes can be vulnerable to up to 12,000 attack in just one week.

Firms that do not adhere to the rules will be subject to severe fines.

According to one expert, it is an essential “first step”.

Cyber-criminals are increasing targeting devices, from smartphones and smart TVs to internet-connected dishwashers and home speakers. Hackers can gain access to one device and then access whole homes networks, stealing personal information.

For example, in 2017, hackers were able to steal data from a US casino through an internet-connected fish aquarium. People have reported accessing their homes via webcams, and talking to relatives.

Poor security at home could be the reason for illegally uploading child abuse photos from home networks, which led police to accuse an innocent couple.

  • Six million Sky routers suffered serious security problems
  • New law will help secure the internet of everything
  • Is it possible that my wi-fi was weak enough to bring the police at my doorstep?

Cyber-breaches are not covered by the same rules as those protecting against overheating or electrocuts.

Three new rules are set forth in the Product Security and Telecommunications Infrastructure Bill.

  • Devices with easy-to-guess passwords are now banned. Every product now needs unique passwords. They cannot be reset to factory default.
  • When a customer buys a device, they must inform them about the minimal time that it will get security updates and patches. If the product is not receiving either of these, it must be revealed.
  • A public contact point will be provided to security experts for reporting bugs or flaws.

A regulator will supervise the new regime, who will be appointed after the bill is in force. It will have the power to fine companies up to £10m or 4% of their global turnover, as well as up to £20,000 a day for ongoing contraventions.

This applies not only to digital product makers, but also businesses selling cheap imports to the UK.

This includes devices like smartphones, routers security cameras, game consoles, smart speakers, white goods, toys, and white goods with internet access.

It does not cover smart meters, vehicles and medical devices. It does not include laptop and desktop computers.

Julia Lopez (Minister for Media Data and Digital Infrastructure) stated: “Everyday hackers try to penetrate people’s smart device. Many of us believe that products are safe and secure if they’re for sale. Too many people aren’t sure, leading to fraud and theft.

Our bill will place a firewall around every tech, from smartphones and thermostats to baby monitors and dishwashers. We also see massive fines for anyone who violates our new security standards.

Security firm Pen Test Partners’ Ken Munro has pointed out many flaws in internet-connected devices. According to him, the legislation is a “big step forward in the right direction”.

“However. “It’s crucial that the government recognizes that this step is just one. “These laws must be continuously improved to address complex security issues with smart devices,” he stated.

What about Which? Which?

State hacking

Another piece of legislation, the Telecommunications (Security) Act (which received Royal Assent last Thursday), will allow Ofcom new powers for monitoring the security of the telecoms network. Fines of up to 10% of turnover or £100,000 a day can be issued for those that fail to meet standards.

This was described as “a substantial step” by the UK government to safeguard it from any hostile action from either criminals or state actors.

The government has blamed a variety of cyberattacks on Russia, China and North Korea over the last two years.


Share Your Comment Below



Please enter your comment!
Please enter your name here