The UK government is passing tough new cybersecurity laws to protect smart devices after a surge in pandemic breaches. Makers of smart devices including phones, speakers, and doorbells will need to tell customers up front how long a product will be guaranteed to receive vital security updates under groundbreaking plans to protect people from cyber attacks.
- Apple, Samsung, Google and other manufacturers will say when smartphones, smart speakers and other devices will stop getting security updates
- Easy-to-guess default passwords to be banned on virtually all devices under the new law
- Rules will make it easier for people to report software bugs that can be exploited by hackers
New figures commissioned by the government show almost half (49%) of UK residents have purchased at least one smart device since the start of the coronavirus pandemic. These everyday products – such as smartwatches, TVs and cameras – offer a huge range of benefits, yet many remain vulnerable to cyber attacks.
To counter this threat, the government is planning a new law to make sure virtually all smart devices meet new requirements:
- Customers must be informed at the point of sale how long a smart device will receive security software updates
- A ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’, that are often preset in a device’s factory settings and are easily guessable
- Manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability
Smartphones are the latest product to be brought into the scope of the planned Secure By Design legislation, following a call for views on smart device cyber security, to which the government has responded today.
It comes after research from the consumer group Which? found a third of people kept their last phone for four years, while some brands only offer security updates for a little over two years.