In the future makers of smart devices including phones, speakers, and doorbells will need to tell customers upfront how long a product will be guaranteed to receive vital security updates under ground-breaking plans to protect people from cyber attacks. This comes as the UK government has revealed details of its proposals to improve the security of most smart devices.
The legislation aims to ban easy-to-guess default passwords, make it easier to report bugs, and force manufacturers to say when their devices will stop receiving security updates.
To counter these threat, the government is planning a new law to make sure virtually all smart devices meet new requirements:
- Customers must be informed at the point of sale the duration of time for which a smart device will receive security software updates.
- A ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’, that are often preset in a device’s factory settings and are easily guessable.
- Manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.
Mobile phones and other smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems. The DCMS propose legislation to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords. Requiring unique passwords, operating a vulnerability disclosure program, and informing consumers on the length of time products will be supported is a minimum that any manufacturer should provide.
These measures are all included in the international Internet of Secure Things (IoXT) Alliance Compliance Programme
and have been well received by manufacturers around the world.
Read the full article by clicking button below.