Government launches rules to protect smart devices from cybercriminals

The government has told makers of smart devices, including Apple, Samsung, and Google, that they will need to inform consumers how long these products will receive security updates.

Smart devices such as phones and speakers, sometimes called Internet of Things (IoT) devices, are a common way for cybercriminals to infiltrate systems.

In 2018, 10 gigabytes of confidential data were stolen from a US casino via an internet-connected fish tank, according to a Darktrace report.

The new law seeks to help prevent users from unwittingly leaving themselves open to cyber threats by using an older device whose security could be outdated.

A report from Which? cited by the government found a third of people kept their last phone for four years, while some brands only offer security updates for a little over two years.

The new rules will also make it easier for people to report software bugs that can be exploited by hackers, and will see easy-to-guess default passwords banned on virtually all devices.

Just one in five global manufacturers has a mechanism in place to allow security researchers, firms and individuals who find security flaws in devices to report vulnerabilities, the government claimed.

“Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems,” said digital infrastructure minister Matt Warman. “We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.”

“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”

He added: “Security updates are a crucial tool for protecting people against cyber criminals trying to hack devices.”

“We applaud the UK government for taking this critical step to demand more from IoT device manufacturers and to better protect the consumers and businesses that use them,” said Brad Ree, chief technology officer of the Internet of Secure Things (IoXT) Alliance.

He added: “Requiring unique passwords, operating a vulnerability disclosure program, and informing consumers on the length of time products will be supported is a minimum that any manufacturer should provide.”
