The UK is the first country to ban default passwords on IoT devices.

On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted.

The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.

The UK may be the first country, but as far as I know, California is the first jurisdiction. It banned default passwords in 2018, the law taking effect in 2020.

This sort of thing benefits all of us everywhere. IoT manufacturers aren’t making two devices, one for California and one for the rest of the US. And they’re not going to make one for the UK and another for the rest of Europe, either. They’ll remove the default passwords and sell those devices everywhere.

Another news article.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost

April 18, 2024 0 Comments 0 tags

The Metropolitan Police and partners have disrupted the prolific LabHost phishing-as-a-service platform

CISA Adds One Known Exploited Vulnerability to Catalog

May 1, 2024 0 Comments 0 tags

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-7028 Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability These types of vulnerabilities are

CISA guidance on AI security coming as part of DHS roadmap

March 18, 2024 0 Comments 0 tags

The post CISA guidance on AI security coming as part of DHS roadmap appeared first on CyberScoop.