Smart devices vulnerable to hackers could be destroyed under new law
SMART devices that allow hackers to easily hijack them could be banned or destroyed, under new powers being considered by the Government.
Manufacturers whose devices are deemed unsafe face fines, having products seized, or could be forced to issue recalls, under proposals released today.
The penalties power, which could be given to a new regulator, is part of a crackdown on increasingly popular internet-connected devices such as baby monitors, doorbell cameras and smart fridges with inadequate cyber security protections.
Cyber criminals can then use them to surveil people in their homes, track their location, take control of the devices themselves, or get access to sensitive personal and financial information.
Under the proposals going out for consultation today and are to form part of a bill to come before Parliament, the Department for Digital, Culture, Media and Sport has also outlined standards for manufacturers to observe.
The rules, drawn up by experts from GCHQ’S National Cyber Security Centre, include banning easily hacked default passwords such as “1234” and telling customers by law how long the company intends to provide security support for their products.
Smartphones and laptops are also to be included under provisions, alongside household devices and appliances.
Matt Warman, the digital infrastructure minister, said: “I urge organisations to respond to these proposals so we can make the UK the safest place to be online with pro-innovation regulation that inspires consumer confidence in our tech products. People should continue to change default passwords on their smart devices, and regularly update software to help protect themselves from cyber criminals.”
The DCMS warned that hacked devices could expose owners to “a range of harms” such as “physical harm” to a vulnerable user whose location was exposed to a violent partner.
Smart devices can also present a wider threat to the nation’s cyber security, as in the 2016 Mirai botnet attack, where hackers accessed thousands of internet-connected products, and launched an attack that overwhelmed servers, leaving much of the internet inaccessible on the US east coast.
The Which? consumer watchdog said that new the cyber security rules had to be backed by “strong” sanctions. Rocio Concha, director of advocacy, said: “Which? has repeatedly exposed popular connected devices with serious security flaws that fall well short of agreed voluntary standards, and leave consumers at the mercy of cyber criminals, so laws to tackle this are an important step, and can’t come soon enough.”