Secure by Design: UK Enforces IoT Device Cybersecurity Rules

Law Bans Universal Default Passwords; Requires Bug-Reporting Channels, Update Plan Mathew J. Schwartz (euroinfosec) • April 29, 2024

Say goodbye to buying internet of things devices in Britain with a default or hard-coded password set to "12345" now that the country will enforce a ban on manufacturers from shipping internet-connected and network-connected devices that don't comply with minimum cybersecurity standards.

See Also: Strengthening Your Security Program With Open API

A grace period expired Monday for companies to comply with demands of the U.K. Product Security and Telecommunications Infrastructure Act, allowing the government to police the security standards of a range of IoT goods, including smartphones, game consoles, wearable fitness trackers and children's toys, as well as internet-connected fridges, speakers, baby monitors and more.

The connected-device law kicks in following repeat attacks against devices with ...