Smart device manufacturers subject to new laws to crack down on cyber attacks

The government is introducing new laws in a bid to protect people and businesses from cyber attacks.

Under the new plans, makers of smart devices including phones, speakers, and doorbells will be required to disclose to customers upfront how long a product will be guaranteed to receive vital security updates.

In addition, easy-to-guess default passwords to be banned on the majority of devices under the new law, as well as a requirement to make it easier for users to report software bugs.

The move comes after new figures commissioned by the government show that 49 per cent of UK residents have purchased at least one smart device since the start of the pandemic.

Digital Infrastructure Minister Matt Warman said: “Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.

“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.

“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”

Brad Ree, CTO of the Internet of Secure Things (IoXT) Alliance, added: “We applaud the UK government for taking this critical step to demand more from IoT device manufacturers and to better protect the consumers and businesses that use them.

“Requiring unique passwords, operating a vulnerability disclosure program, and informing consumers on the length of time products will be supported is a minimum that any manufacturer should provide.

“These are all included in the IoXt compliance programme and have been well received by manufacturers around the world.”