UK announces new security rules for IoT devices
Cybercriminals are targeting vulnerable connected devices
Under new laws proposed by the UK government, all internet-connected devices will be required to abide by a strict set of security standards.
The new measures are designed to protect consumers and businesses against an increasing volume of cyberattacks. IoT devices - ranging from phones and tablets to smart speakers and cameras - have become a popular target due to poor security standards and, in some cases, discontinued security support.
Beyond scraping information from devices and using them as a route into private networks, criminals can harness hacked IoT devices to perpetrate DDoS attacks and take down online services.
- What is the IoT? Everything you need to know
- IoT giant exposes millions of customer details online
- The dangers of IoT and AI
The proposed legislation would require those involved in the manufacture and sale of connected devices in the UK to follow three rules:
- All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting
- Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner
- Manufacturers of consumer IoT devices must explicitly state the minimum length of time that the device will receive security updates at the point of sale, either in store on online
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Compulsory standards
The new security standards were developed by the Department for Culture, Media and Sport (DCMS), in collaboration with the National Cyber Security Centre (NCSC).
“Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety,” said Matt Warman, minister for digital and broadband at DCMS.
“It will mean robust security standards are built in from the design stage and not bolter on as an afterthought,” he continued.
Until now, the UK has encouraged companies operating in the IoT space to adhere to a set of voluntary security practices. It has reached the conclusion that compulsory measures are necessary to ensure users are protected.
- Protect your connected devices with the best antivirus software for 2020
Via ZDNet
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.