When’s the last time you changed your smart TV’s password?
If you’re like most people, the answer to that question is probably never.
Chances are, your smart TV, smart speaker, video doorbell or WiFi router came out of its box with a password like 'admin' or '123456', and you haven’t thought about it since.
This leaves internet-connected gadgets vulnerable to attacks from hackers, who scan hundreds of thousands of devices at a time using shortlists of the most common passwords.
Advert
But if you’re someone who puts off updating passwords, don’t panic – because weak default passwords are now banned under a new UK law to boost cybersecurity.
The world-first law, which came into force on Monday, bans tech companies from shipping devices that come with common default passwords.
Instead, users will be prompted to change the password on set-up and will be made to choose again if they choose something easily guessable.
And it looks like this law is needed too – because the UK’s top three favourite passwords are the super-secure '123456', 'password', and 'qwerty'.
Also up there is 'liverpool', 'arsenal', and, at number 15, 'cheese', according to password manager NordVPN.
Smart home devices are particularly vulnerable to hacks, according to research by consumer experts Which?, who found that a home filled with smart devices could receive more than 12,000 hacking attempts a week.
Testers were able to eavesdrop on conversations after gaining remote control over an older Amazon Echo that had stopped receiving security updates.
Even more terrifyingly, the ethical hackers were able to access the audio and video feed from a baby monitor after retrieving the password – which could even let them speak through the device.
Fortunately, however, thanks to the new law - called the Product Security and Telecommunications Infrastructure act - all manufacturers must make sure their devices come with basic protection against cyber attacks.
All internet-connected devices are covered, including smart speakers, fitness trackers, tablets, and even smart fridges and light bulbs.
The law also ensures manufacturers provide a clear point of contact where users can report bugs and other security issues, and tell users the minimum time for which the device will receive important security updates.
It’s hoped that the changes will provide a huge boost to the UK’s cyber security, and help stop hacks such as the 2016 Mirai attack, which saw 300,000 smart devices compromised and left the US East Coast without internet.
Minister for Cyber, Viscount Camrose said: “As every-day life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater.
“We are committed to making the UK the safest place in the world to be online and these new regulations mark a significant leap towards a more secure digital world.”