The UK government has established a “new world-leading regulation” to ensure that consumers’ phones, smart TVs, fitness trackers, tablets, and other internet-connected devices are better protected from hackers.
According to research, up to four out of every five manufacturers in the UK do not implement adequate security measures. Speakers, thermostats, printers, and toys are just a few examples of products that can connect to the internet. Any such devices that do not fulfil the required security standards will be prohibited from being sold in the UK under the law.
In recent years, the number of gadgets capable of connecting to the internet has exploded, with an average of ten devices per household. According to some estimates, there could be up to 50 billion devices on the planet by 2030. According to a Which? analysis, the ordinary household might be subjected to over 12,000 scanning or hacking attacks in a single week.
The UK's National Cyber Security Centre says it dealt with 777 incidents in the previous year, an unparalleled number. It also reports an uptick in ransomware attacks and major global catastrophes.
In 2017, data was taken from a North American casino via an internet-connected fish tank, demonstrating that even seemingly benign products can pose a security concern.
The Product Security and Telecommunications Infrastructure Bill has been introduced in Parliament.
The law would allow the government to: prohibit the use of universal default passwords; require businesses to be upfront with customers about the steps they are taking to address security weaknesses; and establish a system for the public to report any product vulnerabilities.
The bill would also hasten the deployment of faster and more reliable broadband by making it easier for operators to upgrade and share infrastructure. It would encourage quicker, more collaborative negotiations with the landowners who host the equipment, with the goal of reducing the number of times that judicial action is taken and construction is delayed.
What gadgets are we talking about?
The bill is about connectable products, which are objects that can link to the internet. Smartphones, smart TVs, baby monitors, security systems, voice-activated assistants, and smart home appliances are examples of such devices. Smart light bulbs and fitness trackers are examples of products that link to other devices but not directly to the internet.
Secondhand goods will not be included, because doing so would be impractical: it would impose requirements on firms and customers that would exceed the benefits. Desktops and laptops already have an antivirus software market and security capabilities, so they are not included either.
Easy-to-guess or default passwords, such as admin or 123456, that are preloaded on devices and targeted by hackers, would be banned. All new devices will require a unique password and will not be able to be reset to their original factory settings.
Manufacturers would be obligated to inform customers at the moment of sale about the minimum amount of time a product would receive security updates and fixes. Customers must also be informed if a product does not include security updates. As a result, customers would be notified if and when any of the products they purchased were vulnerable.
Manufacturers would also be required to provide a public point of contact to make it easier for customers to report product defects and bugs.
In-scope businesses will be duty-bound to investigate compliance failures and to produce records and statements of compliance.
A regulator will oversee the new system, with the authority to levy financial penalties for non-compliance. The maximum fine will be £10 million, or 4% of global turnover, plus up to £20,000 per day if the violation is ongoing.
The regulator will also be able to issue notices to companies mandating product recalls, restricting the sale or supply of items, or compelling them to meet security criteria.