Total Tests:

Businesses Could Benefit From Proposed UK Consumer IoT Security Legislation

By Kevin Townsend for SecurityWeek
Thursday, April 22, 2021

Equally problematic is the tendency for second-hand phones to be sold in high street phone shops, and to be sold on cheap to friends when the next generation is purchased. That second-hand phone could easily be out of its security update period with neither the buyer nor seller being aware. Noticeably, second-hand products are specifically excluded from the legislation – but that makes the overall validity of the rule questionable.

Passwords

Banning easily guessed default passwords will in theory improve the posture of the device – but again suffers from enforceability. “People may buy substandard IoT devices from abroad in a few clicks, while customs have insufficient resources to monitor compliance with highly complicated legislation amid the influx of foreign goods,” comments Ilia Kolochenko, CEO and founder at ImmuniWeb. “A toothless law will unlikely deter bad practices that it aims to regulate.

“Problematically,” he adds, “most of the insecure and dangerous IoT devices are manufactured in third-party countries that are often ignorant to any judicial cooperation with the UK authorities. Thus, however good the law will be, its practical enforcement will be decisive for its eventual success.”

Vulnerability reporting

Security professionals, however, are less confident that it will make a huge difference– with enforceability being the primary concern.

“However good the law may be, its practical enforcement will be decisive for its eventual success,” warns Kolochenko. Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential