New cyber security laws to protect smart devices

Makers of smart devices will now need to tell customers upfront how long a product will be guaranteed to receive vital security updates under new government plans to protect people from cyber attacks.

Latest figures commissioned by the government show that 49 per cent of UK residents have purchased at least one smart device since the start of the coronavirus pandemic. These everyday products - such as smart watches, TVs and cameras - offer a huge range of benefits, yet many remain vulnerable to cyber attacks.

Recent research from consumer group Which? found a third of people kept their last phone for four years, while some brands only offer security updates for a little over two years. By forcing tech firms to be upfront about when devices will no longer be supported, the law will help prevent users from unwittingly leaving themselves open to cyber threats by using an older device whose security could be outdated.

To counter the growing threat, the government is planning a new law to make sure virtually all smart devices meet new requirements: customers must be informed at the point of sale the duration of time for which a smart device will receive security software updates; a ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’, that are often preset in a device’s factory settings and are easily guessable; and manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.

Digital Infrastructure Minister Matt Warman said: “Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.

“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords. The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”