Fed up with manufacturers releasing Internet-connected products for the home with inadequate security that puts everyone in the world at risk, the UK has finally cracked down:
Default passwords for internet-connected devices will be banned, and firms which do not comply will face huge fines.
The Product Security and Telecommunications Infrastructure Bill lays out three new rules:
- easy-to-guess default passwords preloaded on devices are banned. All products now need unique passwords that cannot be reset to factory default
- customers must be told when they buy a device the minimum time it will receive vital security updates and patches. If a product doesn't get either, that must also be disclosed
- security researchers will be given a public point of contact to point out flaws and bugs
The new regime will be overseen by a regulator, which will be appointed once the bill comes into force. It will have the power to fine companies up to £10m [$1.3m] or 4% of their global turnover, as well as up to £20,000 [$26,700] a day for ongoing contraventions.
About bloody time, I say. Yes, people should know better than to connect open Internet ports to their home networks, but most people in the world do not understand what any of that means. We don't make people mix their gasoline with air when driving anymore for the same reasons.