UK Passes Laws to Protect Consumers Against Cyberattacks

This post is also available in: עברית (Hebrew)

The UK enacts new laws to protect consumers against hacking and cyberattacks. The laws will enforce consumer protections and mandate that internet-connected smart devices meet minimum security standards by law.

This change means that manufacturers will be banned from having weak, easily guessable default passwords (like ‘12345’ or ‘qwerty’), and if a common password is detected, the new law will have manufacturers prompt the user to change it. “Today marks a new era where consumers can have greater confidence that their smart devices, such as phones and broadband routers, are shielded from cyber threats, and the integrity of personal privacy, data and finances better protected,” said Data and Digital Infrastructure Minister Julia Lopez.

According to Innovation News Network, the new laws are coming as part of the Product Security and Telecommunications Infrastructure regime that is designed to protect the UK and the global economy against cyberattacks. The measure aims to mitigate risks similar to an attack that occurred back in 2016, during which 300,000 smart devices were compromised due to vulnerabilities in their security features, and were then used to attack major internet platforms and services, leaving much of the US East Coast without internet access.

Furthermore, an investigation conducted by “Which?” reveals that a household filled with smart devices could be exposed to more than 12,000 hacking attacks from all over the world in the span of a single week. With 57% of UK households owning a smart TV, 53% owning a voice assistant and 49% owning a smartwatch or another wearable device, these new laws will directly confront the societal and economic risks posed by these technologies.

Measures passed as part of this initiative include: banning common or easily guessable passwords to prevent vulnerabilities and hacking, demanding that manufacturers publish contact details so bugs and issues can be reported and dealt with, and ensuring that manufacturers and retailers communicate to their consumers the frequency in which they should receive critical security updates.

As NCSC Deputy Director for Economy and Society, Sarah Lyons said: “Businesses have a major role to play in protecting the public by ensuring the smart products they manufacture, import or distribute provide ongoing protection against cyberattacks. This landmark Act will help consumers to make informed decisions about the security of products they buy.”