What They Say
The UK government has introduced new legislation, the The Product Security and Telecommunications Infrastructure Bill which has three new rules.
- easy-to-guess default passwords preloaded on devices are banned. All products now need unique passwords that cannot be reset to factory default
- customers must be told when they buy a device the minimum time it will receive vital security updates and patches. If a product doesn’t get either, that must also be disclosed
- security researchers will be given a public point of contact to point out flaws and bugs
The rules apply to supply chains including importers and covers a range of devices, from smartphones, routers, security cameras, games consoles, home speakers and internet-enabled white goods and toys. The government said it would apply to SmartTVs but not PCs, vehicles, smart meters and medical devices.
A new regulator will have the power to fine companies up to £10m ($13.3 million) or 4% of their global turnover, as well as up to £20,000 ($26.6K) a day for ongoing contraventions.
What We Think
I must confess to having hacked multiple Wi-fi routers over the years when staying in hotels or other accomodation, when the default password had not been changed. Usually, I just did it so that I could reboot a temperamental device, but I did once take off a priority setting when I had a holiday apartment with very limited connectivity and where the landlord had put a priority setting on his IPTV connection. I thought that and my web activities should be able to ‘fight it out’.
Still, it will be good to see firms sorting problems out more quickly. As we reported the other day, Sky got into hot water over delays in fixing its router bugs. (BR)