Singapore tightens security requirements for home routers

New requirements include mandatory use of random and unique credentials for each device and strong passwords, disabling system services and interfaces that are deemed vulnerable, automatic loading of firmware updates for security fixes by default, secure authentication of access to devices and the management interface, and validation of entered data to protect against remote hacking.

By adopting more stringent requirements, the regulator has pursued the goal of improving the security of local area networks, which are a popular target for attackers. Envisioned as part of the technical specifications, the increased safety requirements have been finalized after consultation with the public and industry.

Users of existing home routers will not need to change their current devices, but in case of replacement, they are encouraged to buy IMDA-compliant products.

The agency has been prompted to enact the new rules by the growing adoption of smart network devices such as webcams and baby monitors, which heightens the risk of cyberattacks. The head of IMDA noted that Japan introduced similar requirements in April, and the UK is considering the possibility of introducing them.

Home Wi-Fi routers that meet the IMDA specifications will be able to receive the labeling recently introduced by the Cybersecurity Agency of Singapore. The labeling initiative is voluntary and includes four levels of evaluation that a product has passed. This mechanism is intended to encourage manufacturers to develop safer products.