Businesses Could Benefit From Proposed UK Consumer IoT Security Legislation
Thursday, April 22, 2021
Equally problematic is the tendency for second-hand phones to be sold in high street phone shops, or sold on cheaply to friends when the next generation is purchased. That second-hand phone could easily be out of its security update period with neither the buyer nor the seller being aware. Notably, second-hand products are specifically excluded from the legislation – but that makes the overall validity of the rule questionable.
Passwords
Banning easily guessed default passwords will in theory improve the posture of the device – but again suffers from enforceability. “People may buy substandard IoT devices from abroad in a few clicks, while customs have insufficient resources to monitor compliance with highly complicated legislation amid the influx of foreign goods,” comments Ilia Kolochenko, CEO and founder at ImmuniWeb. “A toothless law will unlikely deter bad practices that it aims to regulate.
“Problematically,” he adds, “most of the insecure and dangerous IoT devices are manufactured in third-party countries that are often ignorant to any judicial cooperation with the UK authorities. Thus, however good the law will be, its practical enforcement will be decisive for its eventual success.”
Vulnerability reporting
Security professionals, however, are less confident that it will make a huge difference – with enforceability being the primary concern.
“However good the law may be, its practical enforcement will be decisive for its eventual success,” warns Kolochenko.