UK lawmakers are fed up with security flaws caused by bad passwords, and to put an end to them they are going to introduce strong sanctions and prohibitions. A new law, presented in the UK Parliament this week, will ban universal default passwords and work to create what they have dubbed a ‘firewall around everyday technology’.
The bill, formally called the Product Security and Telecommunications Infrastructure (PSTI) Bill, will require Internet-connected devices to have unique passwords and will prevent those passwords from being reset to universal factory defaults. It will also force companies to be more transparent about when their products need security updates and patches, a practice in which only 20% of companies currently participate, according to the statement that accompanies the bill.
The government is prepared to enforce the rules: companies that refuse to comply with the new security standards could face fines of 10 million pounds or pay up to 4% of their global revenues.
“Every day, hackers try to break into people’s smart devices,” said UK Minister for Media, Data and Digital Infrastructure, Julia Lopez, in a release. “Most of us assume that if a product is for sale, it is safe and has protection. However, many are not protected, which puts us at risk of being the subject of fraud and theft.”
These rules aim to significantly address the growing problem of weak passwords on Internet of Things (IoT) devices, which are increasingly susceptible to attackers. And these are not merely weak passwords, but the most basic ones. According to a 2020 report by cybersecurity company Symantec, 55% of IoT passwords used in IoT attacks were “123456.” Another 3% of attacked devices had the password “admin.” IoT devices are also notoriously insecure beyond passwords. A recent Palo Alto Networks report found that 98% of all IoT device traffic was unencrypted.
And the problem only gets worse, especially as smart home devices gain popularity and become increasingly affordable. Although the estimates vary, the total number of global IoT devices could rise to more than 20 billion by 2030. This is something that is already leading to more attacks. Just two months ago, Kaspersky Labs said it had detected 1.5 billion IoT attacks in the first half of 2021 alone. This is double what it had detected in the last six months of 2020.
IoT companies also routinely try to blame customers when their own poor security practices lead to hacks. That is what happened with Ring, the well-known Amazon-owned smart home security company, which tried to suggest that the rise in compromised accounts was the result of customers reusing their passwords. In response, Amazon faced a class action lawsuit that accused it of negligence for not properly securing its devices. As a result, Ring has made some significant improvements to its security, such as two-factor authentication on new devices and the addition of end-to-end encryption.
Let’s hope that the significant sanctions announced by the UK government (or at least the threat of them) will help make the computing environment safer. And let us also hope that other countries will soon adopt similar measures.