The UK just banned default passwords and we should too



Photo: Eric Pyrmont (Getty Images)

British lawmakers are sick and tired of shitty Internet of Things passwords, and they are legislating tough penalties and bans to prove it. The new legislation, which was submitted to Britain’s parliament this week, would ban global default passwords and work to create what proponents call a “firewall around everyday technology”.

Specifically, the bill, called the Product Security and Telecommunications Infrastructure Act (PSTI), would require unique passwords for devices connected to the Internet and prevent those passwords from being reset to factory defaults. The bill would also force companies to increase transparency about when their products require security updates and patches, a practice that only 20% of companies currently participate in, according to a statement accompanying the bill.

These enhanced security proposals will be overseen by a sharp-toothed regulator: it is said that companies that refuse to comply with security standards could face fines of £10m, or four per cent of their global revenue.

“Hackers are trying daily to break into people’s smart devices,” said the UK Minister for Information, Data and Digital Infrastructure, Julia Lopez, in a statement. “Most of us assume that if a product is for sale, it is safe and secured. However, many do not, which puts many of us at risk of fraud and theft.”

The rules will purposefully attempt to tackle what has become a scourge of weak IoT passwords that are increasingly vulnerable to attackers. And we’re not talking about passwords that are merely weak. According to a 2020 report by cybersecurity firm Symantec, 55% of IoT passwords used in IoT attacks were “123456”. Another 3% of the devices that were attacked had the password “admin”. IoT devices are notorious for being insecure in ways other than passwords as well. A recent report from Palo Alto Networks found that 98% of IoT device traffic was unencrypted.

The problem is getting worse, especially as smart home devices are gaining in popularity and becoming more affordable. Though estimates differ, the total number of global IoT devices could swell to over 20 billion by 2030. This is already translating into more attacks. Just two months ago, Kaspersky Labs said it had detected 1.5 billion IoT attacks in the first half of 2021 alone. That’s double what it detected in the last six months of 2020.

IoT companies also routinely try to blame customers when their lackluster security practices lead to breaches or hacks. The most well-known case is perhaps smart home security company Ring, which attempted to claim that the rise in compromised accounts resulted from customers reusing passwords. In response, Ring and its owner Amazon found themselves on the receiving end of a class action lawsuit in late 2019 that accused the company of negligence for failing to properly secure its devices. For what it’s worth, Ring has since made some sensible improvements in the security department, including requiring two-factor authentication on new devices and, most recently, adding end-to-end encryption.

The UK’s serious approach to passwords could serve as an example for imitators in the US and elsewhere. The United States actually did successfully pass a significant Internet of Things security bill last year, but it stopped short of issuing penalties or bans on weak passwords. Instead, the legislation, called the Internet of Things Cybersecurity Improvement Act, directs the Department of Commerce’s National Institute of Standards and Technology to establish a minimum set of security requirements for IoT devices and for these standards to be refreshed every five years.

The law also requires contractors to establish policies to detect vulnerabilities. But while these rules are a step in the right direction, they are, by and large, limited to companies that do business with the federal government.

By contrast, the proposed UK bill would cover a much broader scope of divisions and manufacturers and, most importantly, provide a clear financial stick to drive compliance. Incentives and carrots are only useful up to a point. Security holes, especially in cheap IoT devices, are nothing new, and the IoT device market has yet to respond to any of the alerts. Clear sanctions, or at least the threat of them, can provide a means for actual change instead.


