A UK government bill aims to end easy-to-guess passwords that manufacturers set on devices by default. The bill aims to improve the safety standards of a large number of products.
The United Kingdom government has presented the Product Security and Telecommunications Infrastructure Bill, a bill that preceded a one-year consultation period in 2019. The proposal consists of a part that regulates the security of products and a part that should improve the communication infrastructure. The British Parliament is now considering the proposal.
The Product Security measures must guarantee that internet-of-things devices, wearables, smart baby monitors and smart TVs are better protected and better protect the privacy of citizens. Part of this proposal is that devices are given a unique password, which cannot be recovered by resetting the device to factory settings. According to the British government, products with default passwords are an easy target for criminals.
The proposal is also to make vulnerabilities reporting mandatory. Security researchers should be able to easily report vulnerabilities to manufacturers. Finally, the PSTI law must provide consumers with clarity about the period within which they can expect security updates.
If the bill is passed, a government-appointed regulator will have powers to fine companies that violate the PSTI Act. This does not only concern manufacturers, but also importers and distributors. Those fines can amount to 4 percent of the annual turnover with a maximum of 10 million British pounds, converted 11.8 million euros. Continued violations may result in a fine of £20,000 per day.