Weak passwords banned as new laws to protect consumers from cyber criminals come into force
Written by: Nigel Howle

Regulations enforcing consumer protections against hacking and cyber-attacks will take effect, mandating that internet-connected smart devices meet minimum security standards by law.

The changes came into force at the end of April 2024.

A UK Government press release said it had introduced “world-first laws protecting UK consumers and businesses from hacking and cyber-attacks.”

It also means manufacturers of products such as phones, TVs and smart doorbells are now required to implement minimum security standards against cyber threats.

Consumers will benefit from the banning of easily guessable default passwords, marking a significant leap in protecting individuals, society and the economy from cyber criminals.

Under the new regime, manufacturers will be banned from having weak, easily guessable default passwords like ‘admin’ or ‘12345’, and if there is a common password the user will be prompted to change it on start-up.

This will help prevent threats like the damaging Mirai attack in 2016, which saw 300,000 smart products compromised due to weak security features and used to attack major internet platforms and services, leaving much of the US East Coast without internet.

Since then, similar attacks have occurred on UK banks, including Lloyds and RBS, leading to disruption to customers.

The move marks a significant step towards boosting the UK’s resilience towards cyber-crime, as recent figures show 99% of UK adults own at least one smart device and UK households own an average of nine connected devices. The new regime will also help give customers confidence in buying and using products, which will in turn help grow businesses and the economy.

An investigation conducted by Which? showed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.

With 57% of households owning a smart TV, 53% owning a voice assistant and 49% owning a smart watch or fitness wristband, this new regime reinforces the government’s commitments to addressing these threats to society and the economy head on.

The laws are coming into force as part of the Product Security and Telecommunications Infrastructure (PSTI) regime, which has been designed to improve the UK’s resilience against cyber-attacks and ensure malign interference does not impact the wider UK and global economy.

The new measures will also introduce a series of improved security protections to tackle the threat of cyber-crime:

  • Common or easily guessable passwords like ‘admin’ or ‘12345’ will be banned to prevent vulnerabilities and hacking
  • Manufacturers will have to publish contact details so bugs and issues can be reported and dealt with
  • Manufacturers and retailers will have to be open with consumers on the minimum time they can expect to receive important security updates.

The new laws are part of the government’s £2.6 billion National Cyber Strategy to protect and promote the UK online.

 

 

 

 
