Wednesday 21 April 2021 9:24 am

UK to force tech firms to disclose device security plans amid cyber fears

Tech firms could be forced to tell customers how long their products will be guaranteed to receive security updates under draft new laws outlined today.

Manufacturers including Apple, Samsung and Google would have to make upfront disclosures for smart devices such as phones, speakers, fridges and doorbells.

The plans form part of efforts to beef up security amid fears over the escalating number of cyber attacks as more and more devices are connected to the internet.

Cyber experts have warned that just one vulnerable device could put a whole network of users at risk.

In 2017 attackers succeeded in stealing data from a North American casino operator after hacking into a smart fish tank.

The issue has been heightened by a surge in tech sales during the pandemic, with new figures commissioned by the government revealing just under half of Brits have purchased at least one smart device since the outbreak of the virus.

But consumers are also holding on to their devices for longer due to rising prices and a slowdown in developments on new models, raising concerns about a gap in security protection.

Research from consumer group Which? found a third of people kept their last phone for four years, while some brands only offer security updates for a little over two years.

Other measures outlined in the planned legislation include a ban on manufacturers using universal default passwords such as ‘password’ or ‘admin’.

Rules will also make it easier for consumers to report software bugs that could be exploited by hackers.

“Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems,” said digital minister Matt Warman. 

“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”

Jake Moore, cybersecurity specialist at ESET, said: “General security remains below par for many smart devices available which possess a huge risk to consumers who often purchase these devices in blind faith with the assumption they will be protected.

“This new law will force the big technology firms into complying with these standards but there will inevitably remain a number of smart products on the market and second hand sites which will fall well below the standard we would expect and include potential risks.”