Think of the last time you set up a new smart device. It probably came with a default password that manufacturers intend for people to use once before setting their own login details. But did you take that step? Many consumers don’t, which is why the United Kingdom’s government has cracked down on those passwords as part of larger improvements in smart security. What do they involve?

World-First Law Against Default Passwords

The Product Security and Telecommunications Infrastructure (PSTI) Act, enacted on April 29, 2024, makes the United Kingdom the first country to legally obligate manufacturers to protect device users against hacking attempts. Default passwords are a central focus. They are problematic because default password lists often get distributed online, making it easy for cybercriminals to find entry points for wreaking havoc. The newly introduced legislation applies to all products with network or internet connectivity and forbids manufacturers from setting easily guessable passwords, such as “12345” or “admin.” If the device password contains them, users see prompts to change the credentials.

Consumer information about the new law suggests device users create passwords containing three random words. It also recommends two-factor authentication, if available. Such safeguards reduce the chances of adversaries successfully using artificial intelligence (AI) or other emerging tech to guess passwords faster or enter accounts with only those credentials.

One study of security professionals found 89% of respondents believe AI-enabled threats will cause challenges for the foreseeable future. Now is the time to take proactive prevention measures. One AI password cracker can discover 51% of credentials in less than a minute. That result highlights the importance of using strong passwords and other safeguards to secure smart home products.

More User Transparency

Another legislative aspect involves manufacturers publishing contact details so users can reach them to report bugs or other problems. Device makers and retailers must also be upfront with users about the minimum time frames for providing security updates. There’s currently significant variation, with some vendors offering them for approximately two years while others release improvements for more than a decade.

Many smart products state specifications such as battery life and compatibility with other products. You can expect to soon see similar information about security updates under the new laws. Think of them like the use-by dates on supermarket products. You’ve probably had a few foods spoil even though the label said they should still have been good to eat. Security updates are also not foolproof, but they make it harder for cybercriminals to break into smart devices. Many enterprising hackers specifically target older operating systems or devices no longer supported by their manufacturers.

Effects Beyond the United Kingdom

While this is a U.K. law, it applies to companies selling or importing products there. Compliance failures are criminal offenses carrying fines of up to £10 million or 4% of the qualifying global revenue.

Since most internet-connected products in the United Kingdom get made elsewhere, it’ll be interesting to see if manufacturers update their product packaging and user manuals to show the newly required information in other markets. Long security update time frames could also become a competitive advantage. Some brands already use that approach. When Dutch smartphone maker Fairphone released its fifth-generation model, the manufacturer promised users operating system, security, and software updates until 2031.

Consumers Must Act, Too

The PSTI Act increases device manufacturers’ responsibilities, but no one should allow this law to make them overly comfortable.
Most reputable resources explaining the law to consumers emphasize the importance of setting strong passwords and using two-factor authentication with their smart devices.

The need for password protection extends to changing credentials after relationship breakups, housemate changes, or similar residential variables. Otherwise, someone could continue controlling connected smart home devices long after they move out, as long as they know the password.

Additionally, device users should check for software updates regularly and, ideally, tweak settings to make them happen automatically for convenience. If there is no such option, a simple workaround is for someone to create monthly calendar reminders to look for new releases.

Striving for Security First

An enduring culture among some smart device makers involves releasing new devices as quickly as possible, treating security as an afterthought. However, people will soon lose their fascination with pioneering products that have major security flaws. The new law mandates security improvements from device makers, which is an excellent start. However, consumers must also take a couple of simple but effective steps to stop their devices from becoming hackers’ entry points.

Sources:
https://www.gov.uk/government/news/new-laws-to-protect-consumers-from-cyber-criminals-come-into-force-in-the-uk
https://www.ncsc.gov.uk/files/Security-law-smart-devices-NCSC.pdf
https://darktrace.com/blog/the-state-of-ai-in-cybersecurity-how-ai-will-impact-the-cyber-threat-landscape-in-2024
https://9to5mac.com/2023/04/07/ai-cracks-passwords-this-fast-how-to-protect/
https://www.which.co.uk/news/article/new-security-laws-for-smart-devices-aGJO50M7C3jo
https://www.ncsc.gov.uk/blog-post/smart-devices-law