• 07948 570815
  • This email address is being protected from spambots. You need JavaScript enabled to view it.


UK Cyber law for smart devices proposed

UK Cyber law for smart devices proposed

The UK Government says it’s planning a law that smart devices – such as smartphones, smart speakers and smart watches – meet cyber security requirements.

Among what’s proposed by the DCMS (Department for Digital, Culture, Media & Sport) is that customers must be told at point of sale how long a smart device will receive security software updates.

Tech manufacturers such as Apple, Samsung and Google won’t be supposed to use universal default passwords, such as ‘password’ or ‘admin’, that are pre-set in a device’s factory settings and are easily guessable by hackers; and manufacturers will be required to provide a public point of contact for anyone to report a vulnerability.

The UK Government says it intends to introduce legislation as soon as parliamentary time allows. The DCMS points to research by the consumer rights body Which?, that found a third of people kept their last phone for four years, yet some brands only offer security updates for a little over two years; leaving the handset vulnerable to cyber threats.


At DCMS, Digital Infrastructure Minister Matt Warman said: “Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems. We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.

“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”

And at the UK official National Cyber Security Centre (NCSC), Technical Director Dr Ian Levy said: “Consumers are increasingly reliant on connected products at work and at home. The covid-19 pandemic has only accelerated this trend and while manufacturers of these devices are improving security practices gradually, it is not yet good enough.

“DCMS’ publication builds on the 2018 Code of Practice and ETSI EN 303 645 to clearly outline the expectations on industry. To protect consumers and build trust across the sector, it is vital that manufacturers take responsibility and pay attention to these proposals now. It is also important to support uptake of good practice and provide industry with opportunities to innovate. I’m pleased to see the pilots, funded by DCMS, begin to test ways in which customers will be able to gain confidence in the security of these devices.”

Image by Free-Photos from Pixabay

More From Our Blog