A new law will require makers of smart devices, including tech giants Apple, Google and Samsung, to offer more transparency around security updates and support.
The new Secure by Design plans, announced by the UK government, are being introduced as part of a cyber security law that will aim to tackle the vast number of smart products on sale, including smartphones, with weak or limited security protections.
They specify key criteria that must be met when smart devices are sold, and are a significant step towards ensuring consumers have the information and safeguards in place to reduce the risk of being vulnerable to cyberattacks.
Find out why phones over two years old could be a security risk, and how you can take steps to stay safe.
New law to tackle unsecure smart products
Under the new legislation, makers of smart devices, including smartphones, speakers and doorbells, will be required to adhere to a new set of measures designed to offer more transparency to consumers and improve safety standards for smart devices. These include:
- Information around support durations – how long you will receive security updates for when you buy a smart device.
- A ban on generic default passwords – devices will no longer be permitted to be sold with generic default passwords, such as ‘admin’ or ‘123456’, that could be easy pickings for hackers.
- A clear point of contact to report vulnerabilities – manufacturers must provide a public point of contact for buyers (or organisations involved in security testing, such as Which?) to raise security vulnerabilities and get them fixed.
The legislation, expected to be introduced in 2021, is something Which? has long been calling for. Our testing of hundreds of smart devices, including mobile phones, has revealed serious security flaws and issues around transparency of updates, which this new law will help to address.
Rocio Concha, director of policy and advocacy at Which?, said: ‘New laws to tackle this issue are a crucial step as there are a vast array of connected devices with security flaws, many of which are currently on the market, that put consumers at risk from cyber criminals.
‘We share the government’s ambition to make the UK one of the safest places in the world for consumers to use smart technology and this must be backed up by strong enforcement, ensuring people can get effective redress when they purchase devices that fail to meet security standards and leave them exposed to data breaches and scams.’
Find out why mobile phone brands are putting customers at risk with inadequate support, and which smartphone brands offer the best security support, where you can also use our support calculator to look up your device.
Why are software updates so important?
A software update is like a warranty for the digital elements of your product. It demonstrates that the brand will continue to issue fixes for the product and its software in case anything happens.
The problem is that currently you have no idea how long that warranty will last – and just one vulnerable device is all it takes to put a home network at risk.
Out of 253 products we assessed over a 12-month period, only four had some form of clear information about the level of update support the brand would give to the product.
A separate study by University College London assessed 270 smart products and found that none displayed information about the length of time updates would be supported, either at point of sale or in the product box or manuals.
Smart devices on the rise
The average household bought two new smart devices during the Covid-19 pandemic, according to UK government figures. These included smartphones, smart TVs and smart washing machines.
While these devices can enhance our lives, numerous Which? investigations have demonstrated how security vulnerabilities could put you and your data at risk.
- Smart doorbells that could be letting hackers into your home.
- How 100,000 wireless security cameras in the UK are at risk of being hacked.
- How cheap smart plugs could expose you to hackers.
- More than one billion Android devices at risk of malware.
How to protect your smart devices
Simple steps, such as changing passwords and keeping devices updated, can vastly improve your security when using smart products. Follow the advice below to mitigate the risks with smart devices you have in the home.
- Set strong passwords: Always change any default passwords on a product, and don’t use simple passwords with easily guessable terms. Instead, follow our guide on how to set strong passwords. Or better still, use a password manager.
- Enable all security: Check the product’s settings menu (most likely in the app) to see what additional security features you can use. If two-factor authentication is available, do activate it.
- Run updates: Always install any available software updates for the product or app to ensure you’ve got the most recent security protections.
- Placement: Think carefully about where you place smart devices, particularly if they have a microphone or camera. If you want privacy, always switch the device off when you aren’t using it.
- Be wary of phishing: As some smart devices can be remotely exploited simply with a phishing message, always stay vigilant to what is sent to you. See how to detect phishing attacks for more.