New Law in U.K. Bans Default Passwords for Smart Devices Beginning April 2024
A new law, the Product Security and Telecommunications Infrastructure Act (PSTI), is being enforced by the National Cyber Security Centre (NCSC) of the United Kingdom. It forces makers of smart devices to give security top priority. The law, which goes into effect on April 29, 2024, guarantees that smart devices are built with continuous cyber protection, enabling consumers to make informed decisions.
One of the PSTI act’s main requirements is the removal of default passwords that are simple to figure out. These passwords, which are frequently easy to find online, pose a serious security risk because they let hackers access devices and possibly launch further attacks. The law does, however, still allow manufacturers to use unique default passwords.
The PSTI act seeks to create a minimum security standard and stop the development of weak devices that could be targeted in widespread cyberattacks similar to the infamous Mirai botnet. The law covers a broad variety of internet-connected devices, such as:
- Smart speakers, TVs, and streaming devices
- Smart doorbells, baby monitors, and security cameras
- Tablets, smartphones, and game consoles
- Wearable fitness trackers (including smartwatches)
- Smart home appliances (light bulbs, plugs, kettles, thermostats, ovens, refrigerators, cleaners, and washing machines)
Businesses that violate the PSTI act risk having their products recalled and paying steep fines. The maximum penalty is £10 million ($12.5 million) or 4% of their yearly worldwide revenue, whichever is higher.
The United Kingdom has become the first country in the world to forbid default usernames and passwords for internet-of-things (IoT) devices. The persistence of Mirai-based attacks even after the original botnet was taken down in 2016 highlights the significance of this legislation. A report published by Cloudflare claims that Mirai variants are still used in a large percentage of distributed denial-of-service (DDoS) attacks.
The PSTI act was passed following a recent ruling by the Federal Communications Commission (FCC) in the United States, which levied significant fines against AT&T, Sprint, T-Mobile, and Verizon for unlawfully disclosing customers’ real-time location data to third parties without authorization. This demonstrates the growing global trend toward more stringent laws to safeguard the security and privacy of consumers in the digital age.
“No one who signed up for a cell plan thought they were giving permission for their phone company to sell a detailed record of their movements to anyone with a credit card,” said U.S. Senator Ron Wyden, who made the disclosure in 2018.