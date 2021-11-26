



The UK government has introduced the Product Security and Telecommunications Infrastructure (PSTI) Act, a set of new regulations designed to improve the security of smart home devices. The rule bans easy-to-guess default passwords, requires disclosure of security update release dates, and imposes huge fines.

The new rules were originally proposed last year after lengthy consultations and have not changed significantly. The first is a ban on easy-to-guess default passwords, including classics like “password” and “admin”. The law states that all passwords shipped with new devices must be “unique and cannot be reset to universal factory settings”.

UK Minister Julia Lopez said: “Most people think that if a product is for sale, it’s safe and secure. But a lot of people don’t, putting too many people at risk of fraud and theft”. “Our legislation will firewall up everyday technologies from phones, thermostats, dishwashers, baby monitors to doorbells, and impose huge fines on those who break strict new security standards.”

Next, manufacturers must tell customers at the point of sale the minimum length of time for which a product will receive security patches and updates. If a product does not come with any, that fact must be disclosed. Finally, manufacturers should provide public contact information so that security researchers can easily disclose flaws and bugs.

The government hopes to reduce attacks on home devices, citing 1.5 billion compromise attempts against Internet of Things (IoT) devices in the first half of 2020 alone. As an example, it cites a 2017 attack in which hackers attacked internet-connected fish tanks and stole data from casinos. “In extreme cases, hostile groups use poor security to access people’s webcams,” it added.

These rules will be overseen by a regulatory body that will be appointed once the legislation goes into effect. Fines can amount to up to £10 million ($13.3 million) or 4% of the company’s gross revenue, and up to £20,000 per day for persistent violations. The law applies not only to manufacturers but also to companies that import technical products into the UK. Covered products include Internet-enabled appliances and toys, along with smartphones, routers, security cameras, game consoles and home speakers.

