Under the new version of the Product Security and Telecommunications Infrastructure (PSTI) Act, domestic and foreign electronics suppliers must now comply with a set of required principles to ensure the security of their products. Electronics can no longer use usernames and passwords like “administrator” by default, passwords can’t be “clearly consistent” and can’t be “clearly associated with public information” like device MAC addresses or Wi-Fi SSIDs (network name).
By default, devices should be equipped with a mechanism that is technically difficult for hackers, but easy to protect against users’ password guesses, including limiting the number of authentication attempts in a certain period of time. However, if passwords need to be changed, the user should not experience any difficulties.
Manufacturers are also responsible for timely updating of their products’ firmware. Mechanisms should be configured to make it easy for the user to update the firmware with an automatic or “manual” upgrade option.
At the same time, PSTI does not make recommendations: All articles of the law are mandatory; Refusal to these obligations threatens the manufacturer with serious fines. The seller will pay a fine of up to £10 million for non-compliance with PSTI, approximately $12.5 million or 4% of annual global revenue.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
