Under the UK’s new cybersecurity law, consumer smart devices can no longer allow the use of weak, easy-to-guess passwords, such as “admin” or “12345.”
This is part of a set of minimum-security standards the UK is requiring to protect consumers from hacking and cyberattacks.
The law covers every smart device that comes with internet or network connectivity, ranging from TVs and phones to game consoles, connected fridges, and smart doorbells.
Manufacturers of such products will also have to publish contact details so that users can report bugs and other issues. In addition, they’ll need to be transparent about the timing of important security updates.
According to consumer organisation Which?, a home with multiple smart devices could be exposed to over 12,000 hacking attacks in a single week.
The government estimates that UK households own nine connected devices on average. It hopes that the move will not only strengthen cybercrime resilience, but also increase consumer confidence in such products.
“As everyday life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater,” Minister for Cyber Viscount Camrose said in a statement.
Cybercrime costs the UK approximately £27bn per year. The bill, which comes into force today, is part of the UK’s £2.6bn National Cyber Strategy, set to counteract the rising threats.
For its part, the EU is finalising the Cyber Resilience Act, which sets clear rules for all products connected directly or indirectly to another device or network.
Get the TNW newsletter
Get the most important tech news in your inbox each week.