UK government published security requirements for IoT devices

UK Department for Digital, Culture, Media, and Sport (DCMS), issued new security requirements for IoT devices based on last year’s public consultation. According to these requirements: (1) all consumer IoT devices passwords must be unique and not resettable to any universal factory setting; (2) IoT manufacturers must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner and (3) IoT manufacturers must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in-store or online. This move follows the 2018 Code of Practice for consumer IoT security issued by the DCMS last year.