Singapore tightens security requirements for new home routers
Come April 13 next year, home routers will have to meet new security requirements before they can be put up for sale in Singapore. These include unique login credentials and default automatic downloads of security patches.
The new mandate is aimed at improving the security of these devices, which are popular targets amongst malicious hackers who are looking to breach home networks, according to industry regulator Infocomm Media Development Authority (IMDA). Stipulated as being part of the country’s Technical Specifications for Residential Gateways, the enhanced security requirements were finalised following an earlier consultation exercise that sought feedback from the public and industry.
While these mandates are set to come into effect from 13 April 2021, home routers previously approved by IMDA will be allowed to remain on sale until October 12 next year.
Users of existing home routers will not need to change their current routers, but they are encouraged to purchase devices that are compliant with IMDA’s cybersecurity requirements for their next upgrade or replacement. Users should also regularly update their device firmware, the agency said.
“Home routers are often the first entry point for cyber attacks targeting the public, as they form the key bridge between the internet and residents’ home networks,” IMDA said in a statement Monday. “[The] minimum security requirements for home routers [will] provide a safer and more secure internet experience for users, and strengthen the resilience of Singapore’s telecommunications networks.”
The government agency added that the move came amidst continued adoption of networked intelligent devices in homes, such as web cameras and baby monitors, which have given way to higher risks of cyber attacks that target such devices. It noted that Japan imposed similar requirements in April and the UK recently began to evaluate such requirements.
In Singapore, the enhanced security requirements include randomised