
PSTI Goes Into Effect in the UK, Ensuring a New Era of Hardened IoT Devices


This week, the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act went into effect. The law introduces significant cybersecurity measures to protect consumer connected devices, like smart TVs and appliances, from cyber threats. This legislation mandates stringent requirements on manufacturers, importers, and distributors to ensure the security of devices capable of connecting to the internet.

One of the key components of the PSTI is the new password requirements. The regulations stipulate that all new devices must feature unique passwords or allow users to set their own. Additionally, these passwords cannot be simple or derived from readily accessible information, such as serial numbers, unless they are encrypted using industry-recognized methods. This measure aims to eliminate common vulnerabilities associated with weak default passwords that are often targeted by hackers.

This law is a step in the right direction, but it does not go far enough to protect consumer data. Hackers target device passwords to take over a device remotely and then use it for their own purposes, like accessing the camera and microphone to spy on you.

However, your viewing data and habits are not only available on the device itself; they are also available via API. The principles of securing access through strong authentication methods are similar in both cases. API vulnerabilities often involve inadequate security measures like weak authentication, which can be mitigated by enforcing stronger password policies and encryption, similar to what the PSTI requires for devices.

While the PSTI does enhance security for devices, its direct impact on improving API security is limited since the act does not specifically address API management practices. But the same issues abound with APIs – missing or weak default password requirements. Moreover, APIs often have other misconfiguration issues, like transmitting more personal data than is necessary to the requester.

The new law is a step in the right direction, focused on improving hardware and firmware. But it’s incomplete without also addressing software and connectivity.
