In the United Kingdom, manufacturers of 'smart devices' are now required to indicate how long a device will receive security updates. Additionally, the use of standard universal passwords for these devices is prohibited under the new regulations.
The Product Security and Telecommunications Infrastructure Act applies to a variety of devices including smartphones, consoles, tablets, smart speakers, doorbells, lamps, and watches. The National Cyber Crime Center states: "Manufacturers must specify the minimum time period during which a device will receive important security updates."
In addition to specifying update timelines, manufacturers are also required to avoid using default passwords. According to the NCCC, default passwords can be easily accessed by cybercriminals and potentially used to gain unauthorized access to smart devices connected to local networks. Companies are also mandated to provide contact information for users to report security risks.
The UK government highlights that many smart devices are manufactured outside the country, but the PSTI law extends to importers and retailers as well. Violators of the law may face fines of up to £10 million or four percent of the company's global turnover.
English (US)