UK Creates New Laws to Safeguard Consumers Against Cyber Threats Posed by Smart Devices

As 99% of UK adults now own at least one smart device, and the average UK household enjoys the benefits of nine connected devices, the timing of new laws designed to protect consumers from hacking and cyber-attacks while using internet-connected smart devices couldn't be more timely.

Manufacturers of smart devices, such as televisions, speakers, door bells and even baby monitors, are now required to adhere to basic security standards. This includes prohibiting the use of weak, easily guessable default passwords like 'admin' or '12345'. Also, in cases where a common password is used, users must be prompted to change it upon startup. Additionally, if a common password is detected, users will be required to change it upon initial setup. Historically, smart home devices have been shipped with default passwords, often weak and vulnerable. However, these practices will no longer be permissible under the new regulations.

How is the UK Reacting?

Being the first country to take such measures, the UK is leading the way in protecting itself against cyber-crime. These new laws will help increase consumer confidence in the purchase and use of connected smart and IoT devices, thereby supporting business growth and bolstering the broader economy.

Commenting on this news is Pentest People Managing Consultant, Richard Newton:  

"The enforcement of secure passwords on smart devices marks a positive step towards enhancing cybersecurity. However, a lot of technology is sourced from countries where this won't be enforced and we will still find technology in the UK that will have weak passwords.

The use of password managers is particularly fitting in this case – just as we advocate for unique, complex passwords with such tools, the banning of weak passwords on smart devices underscores the importance of robust security practices.

Given the mass use of smart devices as primary gateways to the internet, making sure they are secure is critical. While manufacturers may still attempt to circumvent these regulations by using slightly stronger but still weak passwords, the overarching goal is to raise the baseline security standard.

The encouragement of password managers reinforces the need for consumers to take proactive steps in safeguarding their online accounts. By using password managers, users can easily generate and manage strong, unique passwords for each service, avoiding the risk of widespread security breaches and minimising the potential impact of vulnerabilities in smart devices. The combination of regulatory enforcement and individual best practice represents a multifaceted approach towards enhancing cybersecurity in our everyday connected lives.”

Chris Burton, Head of Professional Services at Pentest People agrees; “Enforcing secure passwords is definitely a step in the right direction. However, with the many smart devices not manufactured in the region, there's still a possibility of encountering devices with weak passwords even within the UK market. While banning passwords like '12345' is a positive move, it's crucial to ensure that manufacturers adhere to robust password policies. After all, the strength of passwords is ultimately determined by the standards set by technology providers. Simply banning one weak password won't suffice if manufacturers resort to equally predictable alternatives like '123456'.”

To read more about the news visit: https://insight.scmagazineuk.com/uk-iot-regulation-introduced-enforces-secure-passwords

Discover more about effective password management strategies using a password manager. Read our blog here: https://www.pentestpeople.com/blog-posts/the-one-thing-youre-forgetting-in-your-cyber-security-routine-a-password-manager

‍