Skip to main content

UK proposes new security rules for IoT devices

(Image credit: Image Credit: Melpomene / Shutterstock)

The UK government has drafted three proposals to help both businesses and consumers stay safe as they use Internet of Things (IoT) devices. While it isn’t exactly law yet, the government did say that it would look to make it so sometime in the near future.

The proposals, drafted by the Department for Culture, Media and Sport (DCMS), together with the National Cyber Security Centre (NCSC), came after consultations with security experts, retailers and product builders.

Here’s what the government suggests:

- Passwords for IoT devices need to be unique and must not be resettable to a factory setting

- IoT builders need to have a point of contact where consumers can report a flaw and where manufacturers can react quickly

- Consumer IoT makers must be clear about the minimum length of time for which the device would be supported with updates and patches

"Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people's privacy and safety," said Matt Warman, minister for digital and broadband at DCMS.

A DCMS spokesperson told ZDNet that they’d continue cooperating with retailers and manufacturers as they look to transform these proposals into law.

Cybersecurity is one of the main concerns of consumer IoT devices. Many come with default password settings which are the same for all devices of the same manufacturer. As many consumers can’t be bothered to change the factory settings, they end up being vulnerable to numerous threats.