The UK is taking steps toward increasing consumer privacy around the growing segment of connected hardware. New legislation will apply guidelines to all Internet of Things consumer smart devices sold in the region.
There are three elements to the legislation. First, all passwords for IoT devices must be unique and unable to be reset to a universal factory setting. Second, manufacturers must provide a point of contact for users to report vulnerabilities. Third, manufacturers need to share the time frame that devices will receive security updates at the point of sale.
According to Nicola Hudson, policy and communications director of the Naitonal Cyber Security Centre, this legislation “will give shoppers increased peace of mind that the technology they are bringing into their homes is safe, and that issues such as pre-set passwords and sudden discontinuation of security updates are a thing of the past.”
The UK government is planning to run the law on a voluntary basis in order to observe it in action. It will then implement the law as soon as possible.