The UK Government has issued a press release to announce new laws to protect smart devices from cyberattacks. Sales of everyday tech products such as smart phones, watches, and TVs have soared during the lockdown, with nearly half the population buying at least one device.
All of these types of devices are vulnerable to viruses and malware attacks, especially as they get older. The new legislation, which is to be introduced at the earliest convenience, will oblige manufacturers such as Apple, Samsung, and Google to inform consumers when their products will top receiving security updates.
Further measures include the banning of default and easily guessable passwords on almost all devices, and an easier process for the reporting of viruses and malware attacks. There has been a huge increase in the amount of internet enabled products on the market, but many have hidden built-in security obsolescence dates.
At point of sale for a smart device of any kind, such as a speaker, laptop or security system, the manufacturer will have to make clear to the consumer how long the product will be guaranteed to receive vital security updates. The new laws are designed to crack down on opportunities for cybercrime and hacking of sensitive data.
Digital Infrastructure Minister Matt Warman said: ‘Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.’
‘We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.’
The new legislation will be known as Secure By Design, and was prompted by calls from consumer groups such as Which? A recent survey by the organisation found that a third of people kept their smart phones for four years, and some brands only offer security updates for two years.
Smart device users are encouraged to follow guidance issued by the National Cyber Security Centre (NCSC), which advises taking measures such as choosing secure passwords, using two factor authentication, and regularly installing security updates.
A survey carried out by researchers at University College London looked at 270 smart devices, and found that none of them displayed clear information about the length of time for which product security updates would be issued. Even the small print of the product paperwork contained no details on the issue.
The current system leaves many people unaware that their device is vulnerable to cyberattacks, as the product could still appear to be in good working order while operating on an outdated system. Additionally, only one in five global manufacturers presently has an accessible method of allowing users to report bugs and malfunctions in software.
The reforms to better protect consumers are supported by major tech associations, such as the global Internet of Secure Things (IoXT), whose members include international giants such as Google, Facebook, and Amazon.
If you are looking for pentesting experts, please get in touch today.