The UK has become the first country worldwide to prohibit Internet of Things device manufacturers from using default usernames and passwords in their products following the approval of the Product Security and Telecommunications Infrastructure act, which seeks to bolster smart device cybersecurity, The Hacker News reports.
Aside from banning default credentials for smartphones, smart TVs, gaming consoles, smart speakers, streaming devices, smart doorbells, security cameras, baby monitors, fitness trackers, and smart household appliances, the law — which took effect on April 29 — also compels manufacturers to establish means for reporting security issues and detail the timeline of security updates for their IoT products, according to the UK's National Cyber Security Centre. IoT manufacturers that would not comply with the law will be penalized with up to $12.5 million in fines or 4% of their annual revenues.
Such a development follows a Cloudflare report noting the persistence of Mirai botnet-based intrusions eight years after the botnet's disruption.