Internet-connected smart devices must now meet minimum-security standards by UK law, exactly one year after the UK Government’s publication of telecommunications and product security guidelines in 2023.
Manufacturers, importers, and distributors of relevant connectable products are now legally required to protect consumers from hackers and cyber criminals from accessing devices with internet or network connectivity – from smartphones to games consoles and connected fridges – as the UK becomes the first country in the world to introduce these laws.
The laws are coming into force as part of the Product Security and Telecommunications Infrastructure (PSTI) regime, which has been designed to improve the UK’s resilience from cyber-attacks and ensure malign interference does not impact the wider UK and global economy.
What’s new
The new measures introduce a series of improved security protections to tackle the threat of cyber-crime:
- Common or easily guessable passwords like ‘admin’ or ‘12345’ will be banned to prevent vulnerabilities and hacking
- Manufacturers will have to publish contact details so bugs and issues can be reported and dealt with
- Manufacturers and retailers will have to be open with consumers on the minimum time they can expect to receive important security updates
This will help prevent threats like the damaging Mirai attack in 2016 which saw 300,000 smart products compromised due to weak security features and used to attack major internet platforms and services, leaving much of the US East Coast without internet access. Since then, similar attacks have occurred on UK banks including Lloyds and RBS leading to disruption to customers.
An investigation conducted by Which? showed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.
Further reading
New laws to protect consumers from cyber criminals come into force in the UK. Â Press release. April 29, 2024. By: Department for Science, Innovation and Technology, National Cyber Security Centre, Office for Product Safety and Standards, Julia Lopez MP, and Viscount Camrose
The UK Product Security and Telecommunications Infrastructure (Produce Security) regime. Guidance (Web site). Published April 29, 2023. Accessed April 29, 2024. Department for Science, Innovation and Technology.
How a smart home could be at risk from hackers. Article. By Andrew Laughlin, Principal Researcher & writer. July 1, 2021. Which? Group (Consumers’ Association, UK)
Why it matters
The move marks a significant step towards boosting the UK’s resilience towards cyber-crime, as recent figures show 99% of UK adults own at least one smart device and UK households own an average of nine connected devices. The new regime will also help give customers confidence in buying and using products, which will in turn help grow businesses and the economy.
