The UK Government is introducing laws to fine manufacturers who use a single default password on their devices. The use of one default password – which a user is not forced to change – is a huge security risk to consumers if these are smart or IoT devices connected to the internet.
The BBC is reporting that “Which? suggested homes filled with smart devices could be exposed to more than 12,000 attacks in a single week“.
Huge fines and a ban on default passwords in new UK law – BBC News
Now to make this work, the non-techie needs to understand (or be guided) that password1234 or their Facebook or bank passwords are not suitable passwords for their new IoT devices. That is something the government could get behind – the NCSC has already as have Smart Thinking.
Another good thing in this bill is the requirement for manufacturers to declare for how long they will support their devices. I got caught out recently by SanDisk. We used to use this supplier of storage devices all the time as they a are good quality reliable product. With this in mind I personally bought a Wi-Fi enabled memory stick for use with my iToys for well over £100 – to be informed less than a year later that SanDisk were no longer supporting the iOS app – rendering my expensive purchase useless.
When I contacted SanDisk I was informed that support had ceased but they suggested I purchased another supported product. Easier than that I issued an instruction to all my people we no longer purchase SanDisk products, or reinbruse staff who purchase them, and I shared my story with clients, other IT associates and social media.
A new law is less trouble!
Clive Catton MSc (Cyber Security) – by-line and other articles
You may also like:
and
Product Security and Telecommunications Infrastructure Act – Smart Thinking Solutions
