Weak passwords for smart home devices to be illegal in Europe

Share via:


Default passwords for smart home devices and wireless routers will have to be made stronger in order to comply with new cybersecurity laws in both the UK and EU …

When you buy a smart home device – or even something as critical as a wireless router – it often arrives out of the box with a pre-configured password, and that password is often laughably weak. Some routers, for example, arrive with ‘admin’ preset for both username and password.

That will no longer be legal in Europe, after both the UK and EU passed separate cybersecurity laws.

The Record reports on the UK law.

On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted.

The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for […]

Under the PSTI, weak or easily guessable default passwords such as “admin” or “12345” are explicitly banned, and manufacturers are also required to publish contact details so users can report bugs.

Products that fail to comply with the rules could face being recalled, and the companies responsible could face a maximum fine of £10 million ($12.53 million) or 4% of their global revenue, whichever is higher.

The EU’s Cyber Resilience Act (CRA) hasn’t yet come into effect, but will include a similar requirement for better default security.

The CRA aims to safeguard consumers and businesses buying or using products or software with a digital component. The Act would see inadequate security features become a thing of the past with the introduction of mandatory cybersecurity requirements for manufacturers and retailers of such products, with this protection extending throughout the product lifecycle.

The latter is expected to come into force later this year.

The US doesn’t yet have anything similar, but global brands are likely to apply the same standards for their products sold around the world.

Photo by Sebastian Scholz (Nuki) on Unsplash

FTC: We use income earning auto affiliate links. More.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Weak passwords for smart home devices to be illegal in Europe


Default passwords for smart home devices and wireless routers will have to be made stronger in order to comply with new cybersecurity laws in both the UK and EU …

When you buy a smart home device – or even something as critical as a wireless router – it often arrives out of the box with a pre-configured password, and that password is often laughably weak. Some routers, for example, arrive with ‘admin’ preset for both username and password.

That will no longer be legal in Europe, after both the UK and EU passed separate cybersecurity laws.

The Record reports on the UK law.

On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted.

The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for […]

Under the PSTI, weak or easily guessable default passwords such as “admin” or “12345” are explicitly banned, and manufacturers are also required to publish contact details so users can report bugs.

Products that fail to comply with the rules could face being recalled, and the companies responsible could face a maximum fine of £10 million ($12.53 million) or 4% of their global revenue, whichever is higher.

The EU’s Cyber Resilience Act (CRA) hasn’t yet come into effect, but will include a similar requirement for better default security.

The CRA aims to safeguard consumers and businesses buying or using products or software with a digital component. The Act would see inadequate security features become a thing of the past with the introduction of mandatory cybersecurity requirements for manufacturers and retailers of such products, with this protection extending throughout the product lifecycle.

The latter is expected to come into force later this year.

The US doesn’t yet have anything similar, but global brands are likely to apply the same standards for their products sold around the world.

Photo by Sebastian Scholz (Nuki) on Unsplash

FTC: We use income earning auto affiliate links. More.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Nvidia clears regulatory hurdle to acquire Run:ai

Chip company Nvidia gets the green light from...

Girish Mathrubootham Sells Freshworks Shares Worth $40 Mn

SUMMARY Mathrubootham sold his stake in two tranches on...

Here’s the full list of 49 US AI startups...

For some, AI fatigue is real. But clearly...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!