Fri. Dec 3rd, 2021


The UK Just Banned Default Passwords and We Should Too

Photo: Eric Piermont (Getty Images)

UK lawmakers are sick and tired of bad Internet of Things passwords, and to prove it, they are enacting laws with severe penalties and sanctions. The new law, introduced in the UK Parliament this week, will ban universal default passwords and will work to create what supporters call a “firewall around everyday technology.”

Specifically, the bill, called the Product Security and Telecommunications Infrastructure Bill (PSTI), would require unique passwords for Internet-connected devices and would prevent those passwords from being reset to universal factory defaults. The bill would also force companies to increase transparency around security updates and patches to their products, a practice only 20% of companies currently engage in, according to a statement attached to the bill.

These strong security proposals will be overseen by a regulator with sharp teeth: companies that refuse to comply with safety standards could be fined up to £10 million or four percent of their global revenue.

“Every day, hackers try to access people’s smart devices,” said Julia Lopez, the UK’s Minister for Media, Data and Digital Infrastructure, in a statement. “Most of us have a laid back attitude when it comes to painting a picture about a product. Yet not many, many of us are at risk of fraud and theft.”

The rules will try to deal meaningfully with IoT passwords, which have become increasingly vulnerable to attackers. And we’re not talking about weak but serviceable passwords. According to a 2020 report by cybersecurity company Symantec, 55% of IoT passwords used in IoT attacks were “123456.” More than 3% of the devices involved in attacks featured the password “admin.” IoT devices are notoriously insecure even beyond passwords. A recent report from Palo Alto Networks found that 98% of all IoT device traffic was not encrypted.

The problem is getting worse, especially as smart home devices gain widespread popularity and become more affordable. Some estimates suggest that by 2030, the total number of IoT devices worldwide could exceed 20 billion. That growth is already turning into more attacks. Kaspersky Labs said just two months ago that it had detected 1.5 billion IoT attacks in the first half of 2021 alone, twice as many as it identified in the last six months of 2020.

IoT companies also regularly try to blame customers when their poor security practices result in breaches or hacks. Perhaps the most famous case is that of smart home security company Ring, which tried to claim that an increased number of compromised accounts was the result of customers reusing passwords. In response, Ring and its owner Amazon found themselves on the receiving end of a class-action lawsuit, filed in late 2019, that accused the company of negligence for failing to properly protect its devices. For what it’s worth, Ring has since made some meaningful improvements on the security front, requiring two-factor authentication on new devices and, more recently, adding end-to-end encryption.

The UK’s no-nonsense approach to passwords, however, may serve as an example for copycats in the United States and elsewhere. The US actually passed a significant IoT security bill last year, but it stopped short of imposing fines or bans on weak passwords. Rather, the law, called the IoT Cybersecurity Improvement Act, instructed the Department of Commerce’s National Institute of Standards and Technology to set a minimum set of security requirements for IoT devices and to refresh those standards every five years.

The law also seeks to establish vulnerability disclosure policies for contractors. But while these provisions are a step in the right direction, they are essentially limited to companies that do business with the federal government.

In contrast, the proposed UK bill would cover a wider scope of the sector and its manufacturers and, importantly, provides a clear financial stick to drive compliance. Incentives and carrots are only useful up to a point. Security flaws, especially in cheap IoT devices, are nothing new, and they have so far remained largely unresponsive to market nudges. Explicit punishments, or at least the threat of them, could instead offer a path to actual change.


