Smart technology is helping us to unlock more conveniences than ever in our homes and on our phones, but the more connected devices we surround ourselves with, the more appealing we are to hackers.
Too many brands have been slow to adopt robust security standards and don’t support devices for long enough with important updates – so how do you know who to put your trust in before you buy?
Which? can help. We test more than 30 product categories for security issues, and we have now launched a new review alert for members and non-members. It’s called Security Notice, and it clearly flags any issues.
Mobile phones that pose a security risk
With the amount of data your phone holds, it’s an absolute goldmine for hackers. That’s why manufacturers send out regular updates, which patch up small holes that appear in the software over time. This keeps your information secure.
These updates are important. In fact, 88% of Which? members responding to our survey told us that they would be concerned if their phone was no longer receiving them*. But software support doesn’t last forever, with many brands only promising patches for two years after the phone’s launch.
Once a phone has dropped off the update cycle, we issue a security notice – look out for this on our reviews. You’ll also be able to read more information about the problem and how to mitigate the risks if you own the device.
We also review our Best Buys every month and remove our recommendation from any that we suspect have less than a year of support remaining.
How to find out how long a phone will be supported
Manufacturers aren’t always forthcoming about when their update periods will end, which isn’t helpful if you’re shopping around.
79% of Which? members we asked see the length of update cycles as important to their purchase*. If you’re one of them, we can help. Head to the tech specs of any of our mobile phone reviews to check a handset; we clearly label how long we estimate it may have left based on the brand’s minimum support periods and also give any device-specific information.
Or you can use our phone support calculator to browse nearly 500 models for their update status. Check how long your smartphone has left.
Your phone is very unlikely to pose a problem the day after its last patch. The longer it goes without an update, though, the more at risk it is, so we recommend upgrading to a new handset as soon as you can.
Security warnings for at-risk smart devices
Security and updates aren’t just important for smartphones. In fact, nearly every device we buy now can potentially be smart, from coffee machines to cameras to cars.
We run rigorous tests on more than 30 different types of smart products for how they protect your privacy and security. Worryingly, we often find flaws – from minor housekeeping issues to critical risks.
When we find an issue that poses a significant risk to you, we will take action and place a security notice on the review. This warns of the issue we have found and tells you what to do.
It might be that we are working with the manufacturer to fix the issue, and that is pending, as with the two products below.
Or, it might be that the manufacturer does not intend to fix the issue, despite exhaustive contact from us, and so we have no choice but to warn you not to buy the device. Either way, we will make sure you get the most secure devices for your budget.
TP-Link Tapo C310
We run all wireless security cameras, such as this TP-Link model, through a barrage of tests to see how well they protect your online privacy and security, and how easily they could be hacked.
During testing we found that this camera had a vulnerability that was reasonably low risk but still concerning. So, we contacted TP-Link and asked it to fix the issue.
We’ll report back as soon as the flaw has been rectified. Find out more in our TP-link Tapo C310 review
TP-Link Archer AX50
Our extensive test programme uncovered a cause for concern with this third-party router, also from TP-Link.
We contacted the company about our findings and it intends to issue a fix in June 2021. We will update this review when that is done, but in the meantime find out more in our TP-Link Archer AX50 review.
How to shop smart for smart devices
While there’s work to be done to improve standards across the board for smart devices, that doesn’t mean you should avoid them altogether. Consider the following steps to help minimise any risk.
- Pick a good brand. While well-known brands aren’t immune to poor security practices, we tend to find the most security issues on cheaper devices from online marketplaces.
- Add extra security. As a minimum, pick a strong, hard-to-guess password, and add two-factor authentication (logging in with a second device) if it’s available.
- Keep devices updated. Download any security patches as soon as they’re available, and try to set them to update automatically.
- Know your rights. The Consumer Rights Act states that goods must be ‘of satisfactory quality, fit for purpose and as described’, including digital elements. If you have any security flaws, you should consider making a claim.
Which? calls for more transparency around security updates
This year, the government’s Product Security and Telecoms Infrastructure Bill will, for the first time, set legal requirements for connected products. Default passwords (easy pickings for hackers) will be banned, vulnerability disclosures will be encouraged and manufacturers would be compelled to tell you how long your product will be supported for when you buy it.
When it comes to mobile phones, we’re calling on manufacturers to go further. At a minimum, we want them to provide:
- at least five years of software and security updates across all their devices from point of release, regardless of popularity or cost
- in-device notifications about when update support will cease, so that consumers can make more informed decisions about next steps
- more regular update support from when manufacturers are first made aware of patches, particularly for those using the Android operating system
- greater clarity about actual updates policies at time of purchase, and on a publicly available website, so consumers are fully informed about update provision before they buy.
*Based on a May 2021 survey of 1,246 Which? members.