Using a default password for a connected object makes it particularly vulnerable to cyberattacks. To combat this danger, the British government has just introduced the Product Security and Telecommunications Infrastructure (PSTI) Bill.
This law aims to improve protection against cyberattacks for users of connected electronic devices. It imposes on the manufacturers of such devices a triple requirement: to have a vulnerability disclosure policy, to be transparent about the length of time their products will receive security updates, and to prohibit default passwords.
The list of products affected by this PSTI law includes smartphones, consumer connected devices (electronics and appliances), connected devices related to security and alarm systems, IoT hubs, smart home assistants, and home automation products.
After the law is passed, manufacturers, importers, and distributors will have twelve months to comply.