UK Bans Sale of Devices with Weak Default Passwords to Combat Cybercrime

The UK government has taken a significant step in the fight against cybercrime by introducing a new law that bans the sale of internet-connected devices with weak default passwords. The Product Security and Telecommunications Infrastructure (PSTI) regime, which comes into effect on April 29, 2024, aims to address the growing risk of cyber criminals hacking into home networks and stealing private data through vulnerable 'smart' devices such as baby monitors, televisions, and speakers.

Under the new law, manufacturers of these devices must meet stricter security standards before they can be sold in the UK. The requirements include ensuring devices have unique passwords, providing a public point of contact for vulnerability reporting, and informing consumers about the minimum length of time for which the device will receive security updates. Failure to comply with these standards can result in fines for the manufacturers.

Why this matters: As more and more devices become connected to the internet, the risk of cybercrime increases. This new law is a proactive measure to protect UK consumers and businesses from the growing threat of hackers exploiting vulnerabilities in these devices to steal sensitive data or launch cyberattacks.

Cybersecurity experts have welcomed the new law as a 'step in the right direction' in the fight against cybercrime. However, some have raised concerns that certain manufacturers may only do the bare minimum to comply with the regulations. The UK government has emphasized that this law is a 'world first' and will boost the nation's resilience against the constantly developing threat of cybercrime.

Julia Lopez, the Minister for Media, Data, and Digital Infrastructure, stated, "Every day hackers attempt to break into people's smart devices. Most of us assume if a product is for sale, it's safe and secure. Yet many are not, putting too many of us at risk of fraud and theft. Our Bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards."

Key Takeaways

• UK bans sale of IoT devices with weak default passwords from April 2024.
• New law requires unique passwords, vulnerability reporting, and security updates.
• Aims to protect consumers and businesses from cyber threats via smart devices.
• Experts welcome law as a step against cybercrime, but some concerns remain.
• UK claims law is a 'world first' to boost resilience against evolving cyber threats.