The UK just banned default passwords, we should too

Photo: Eric Piermont (Getty Images)

British legislators are tired of rotten Internet of Things passwords and are moving to enact legislation, with severe penalties and bans, to prove it. New legislation introduced to the British Parliament this week will ban universal default passwords and work to create what supporters call a “firewall around everyday technology.”

Specifically, the bill, called the Product Security and Telecommunications Infrastructure Act (PSTI), will require unique passwords for networked devices and prevent those passwords from being reset to generic factory defaults. According to a statement accompanying the bill, it will also force companies to be more transparent about when their products require security updates and patches, a practice currently adopted by only 20% of companies.

These enhanced security proposals will be overseen by a rigorous regulator: according to reports, companies that refuse to comply with the security standards may face a fine of 10 million pounds or 4% of global revenue.

“Every day, hackers try to break into people’s smart devices,” said Julia Lopez, the British Minister of Media, Data and Digital Infrastructure, in a statement. “Most of us think that if a product is for sale, then it is safe and reliable. However, many people do not. This puts too many of us at risk of fraud and theft.”

These rules will try to meaningfully address the scourge of weak IoT passwords that are increasingly vulnerable to attackers. We are not talking about merely weak passwords here, but effectively useless ones. According to a 2020 report by cybersecurity company Symantec, 55% of the IoT passwords used in IoT attacks are “123456”. Another 3% of attacked devices have the password “admin”. IoT devices are also known to be insecure in ways that go beyond passwords. A recent report by researchers from Palo Alto Networks found that 98% of IoT device traffic is unencrypted.

The problem will only get worse, especially as smart home devices become more popular and more affordable. Although estimates differ, by 2030 the total number of IoT devices worldwide may increase to more than 20 billion. This has already translated into more attacks. Just two months ago, Kaspersky Lab told Threatpost it had detected 1.5 billion IoT attacks in the first half of 2021 alone. This is twice the amount it detected in the last six months of 2020.

When lax security at IoT companies leads to vulnerabilities or hacks, the companies also often try to shift responsibility onto customers. Perhaps the most famous case is that of the smart home security company Ring, which tried to claim that customers’ reuse of passwords had led to an increase in stolen accounts. In response, Ring and its owner Amazon found themselves on the receiving end of a class action lawsuit, filed at the end of 2019, accusing the company of negligence for failing to properly protect its devices. For what it’s worth, Ring has since made some meaningful security improvements, including requiring two-factor authentication on new devices and, more recently, adding end-to-end encryption.

However, the UK’s seriousness about password security can serve as an example for imitators in the US and elsewhere. The U.S. actually passed an important IoT security bill last year, but it did not establish penalties or prohibitions for weak passwords. Instead, the legislation, called the Internet of Things Cybersecurity Improvement Act, instructs the National Institute of Standards and Technology, part of the Department of Commerce, to establish a set of minimum security requirements for IoT devices, with these standards updated every five years.

The law also requires contractors to develop vulnerability disclosure policies. But while these regulations are a step in the right direction, they are largely limited to companies that do business with the federal government.

In contrast, the bill proposed by the UK will cover a wider range of manufacturers and, importantly, provides a clear monetary penalty to promote compliance. Incentives and carrots are only useful up to a point. But lax security, especially in cheap IoT devices, is nothing new and has not so far responded to any market push. Explicit punishment, or at least the threat of punishment, can provide a path to actual change.
