UK government bans IoT devices companies to use default passwords for configuring devices

The British parliament has approved a new provision that will ban the use of universal default passwords for Internet of Things (IoT) devices, which is expected to mitigate the risk of cyberattacks related to factory reset.

This new bill, known as the Product Security and Telecommunications Infrastructure Bill (PSTI), requires tech companies to use unique passwords for home IoT devices. Julia Lopez, from the Ministry of Media, Data and Digital Infrastructure, believes that this is a good measure for the fight against hackers, who always try to break into this kind of systems.

The authorities will impose fines equivalent to up to $12 million USD on companies that violate this regulation, so the British government expects the technology industry to rush to take the necessary measures to comply with this law.

On top of that, the new law also requires tech companies to be more transparent regarding security patches and updates to their products for home environments. It should be noted that the bill further stated that only 20% of IoT companies are practicing transparency for their security updates, so dozens of companies will need to adopt new computer security policies.

The official also believes that this practice gives end users a false sense of security, so it is necessary for manufacturing companies to take the initiative by setting a sufficiently secure factory password. On the other hand, the consumer protection body Which? has been pointing out the serious security flaws in IoT devices for years, so they consider these efforts of legislators necessary.

On these security issues, experts note that there are currently around 12,000 known security flaws in IoT devices, so all efforts to mitigate their exploitation are welcomed by the cybersecurity community.

The exploitation of vulnerabilities in IoT devices is one of the main security problems in home environments. According to Symantec, more than 55% of these devices use default passwords such as “123456”, while 3% of these computers use the “admin” password. With this new law, these passwords will be a thing of the past.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.