The United Kingdom is seeking to crack down on connected device cybercrime with the introduction of a new law urging manufacturers, importers and wholesalers to make changes to how these devices are made, sold and periodically updated, or face stiff new penalties.
Building on prior reforms to the U.K.’s Electronic Communications Code, the proposed new bill, known as The Product Security and Telecommunications Infrastructure Bill, comes in three parts that mandate new controls at various levels of the connected device supply chain.
According to a Nov. 24 statement from the British government’s Department for Digital, Culture, Media & Sport, “The Product Security and Telecommunications Infrastructure Bill (PSTI), introduced to Parliament today, will allow the government to ban universal default passwords, force firms to be transparent to customers about what they are doing to fix security flaws in connectable products, and create a better public reporting system for vulnerabilities found in those products.”
Noting “The ownership and use of connected tech products has increased dramatically in recent years,” the statement adds, “On average there are nine in every UK household, with forecasts suggesting there could be up to 50 billion worldwide by 2030. People overwhelmingly assume these products are secure, but only one in five manufacturers have appropriate security measures in place for their connectable products.”
In the statement, U.K. Minister for Media, Data and Digital Infrastructure Julia Lopez said, “Every day hackers attempt to break into people’s smart devices. Most of us assume if a product is for sale, it’s safe and secure. Yet many are not, putting too many of us at risk of fraud and theft. Our Bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards.”
Access to devices plays into data security concerns that bedevil a high number of consumers.
The Privacy Paradox: Securing Data To Build Customer Engagement, a PYMNTS and Very Good Security collaboration, states that “consumers’ concerns over sharing their PII often relate to specific fears about data misuse,” adding that 81% of consumers are at least “somewhat” concerned about providing personally identifiable information (PII) access online.
See the study: The Privacy Paradox: Securing Data To Build Customer Engagement
14 Attempts Per Hour to Hack a UK Connected Home
Parliament’s move to secure the U.K.’s connected economy comes after a recent investigation led by consumer watchdog group Which? found that hackers performed “12,807 unique scans or attack attempts against the home devices in the busiest week, including 2,435 specific attempts to maliciously log into the devices with a weak default username and password. That equates to 14 attempts every hour by real hackers to infiltrate the devices.”
The BBC reported the proposed new law is focused around three new rules for manufacturers and their importing and wholesaling clients: “easy-to-guess default passwords preloaded on devices are banned. All products now need unique passwords that cannot be reset to factory default; customers must be told when they buy a device the minimum time it will receive vital security updates and patches. If a product doesn’t get either, that must also be disclosed; security researchers will be given a public point of contact to point out flaws and bugs.”
Per BBC reporting, a regulator will be named once the bill comes into force who will have authority “to fine companies up to £10m or 4% of their global turnover, as well as up to £20,000 a day for ongoing contraventions.”
Not only device makers are on the hotseat, “but also to businesses which sell cheap tech imports in the UK. Included within its scope are a range of devices, from smartphones, routers, security cameras, games consoles, home speakers and internet-enabled white goods and toys.”
As the number of connected devices from smart speakers to smart appliances and connected cars proliferate, consumers are growing more uneasy about connected security.
Per PYMNTS Digital Fraud Tracker® a PayPal collaboration, 47% of respondents to one study “believe their smart devices, such as cell phones and tablets, listen to their conversations.”
That’s not just paranoia. Watchdog group Which? said, “As soon as testers connected the home to the internet, they were being surveilled,” showing the always-on nature of hackers.
Get the Tracker: The Digital Fraud Tracker®