Better Cyber Security For Smart Devices

Uploaded on 2021-04-28 in TECHNOLOGY-Key Areas-Internet of Things, TECHNOLOGY--Resilience, TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-Law

In the future makers of smart devices including phones, speakers, and doorbells will need to tell customers upfront how long a product will be guaranteed to receive vital security updates under groundbreaking plans to protect people from cyber attacks. This comes as the UK government has revealed details of its proposals to improve the security of most smart devices. 
 
The legislation aims to ban easy-to-guess default passwords, make it easier to report bugs, and force manufacturers to say when their devices will stop receiving security updates.
 
The UK Department for Digital, Culture, Media & Sport ('DCMS') announced, on 21 April 2021, Government plans for a new cyber security law to protect smart devices from cyber-attacks, as part of releasing results of the Government public consultation on smart device cyber security.  In particular, the Government outlined that it is planning to change the law to make smart products, such as televisions, cameras, and household appliances which connect to the internet, more secure for individuals to use.
 
Research commissioned by the UK government show almost half (49%) of UK residents have purchased at least one smart device since the start of the coronavirus pandemic. These everyday products, such as smart watches, TVs and cameras, offer a huge range of benefits, yet many remain vulnerable to cyber attacks. Just one vulnerable device can put a user’s network at risk. 
 
To counter these threat, the government is planning a new law to make sure virtually all smart devices meet new requirements: 
 
  • Customers must be informed at the point of sale the duration of time for which a smart device will receive security software updates.
  • A ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’, that are often preset in a device’s factory settings and are easily guessable.
  • Manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.
Mobile phones and other smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems. The DCMS propose legislation to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords. Requiring unique passwords, operating a vulnerability disclosure program, and informing consumers on the length of time products will be supported is a minimum that any manufacturer should provide.
 
These measures are all included in the international Internet of Secure Things (IoXT) Alliance Compliance Programme and have been well received by manufacturers around the world.
 
The UK government has played an important  vital role in developing the first major international standard for consumer device cyber security to help manufacturers protect consumers around the world from falling victim to cyber attacks. Consumers are increasingly reliant on connected products at work and at home. "The Covid-19 pandemic has only accelerated this trend and while manufacturers of these devices are improving security practices gradually, it is not yet good enough." according to National Cyber Security Centre Technical Director Dr Ian Levy.
 
GovUK:    DCMS:     Data Guidance:      Computer Weekly:     E&T:       Public Service Executive:    Image: Unsplash
 
You Might Also Read:
 
Looking For Vulnerable IoT Devices:
 
 
« Two-Factor Authentication Matters More Than Ever
SolarWinds Campaign Even Wider Than First Thought »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Opengear

Opengear

Opengear ensures network resilience to enterprises by enabling business continuity with the Network Resilience Platform.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

Cryptomathic

Cryptomathic

Cryptomathic is an expert on commercial crypto - we develop, deliver and support the most secure and efficient off-the-shelf and customised solutions.

Comarch

Comarch

Comarch is a provider of IT business solutions to optimize operational and business processes. Cyber security solutions are focused on Identity Management and Security Assessment services.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

QuillAudits

QuillAudits

QuillAudits offers advanced Ethereum, EOS, TRON smart contract audit, blockchain protocol security and formal verification to ensure your platform’s integrity.

CyGlass

CyGlass

CyGlass simply and effectively identifies, detects, and responds to threats to your network without requiring any additional hardware, software, or people.

Purple Knight

Purple Knight

Purple Knight is a free Active Directory security assessment tool built and managed by an elite group of Microsoft identity experts.

FPG Technologies & Solutions

FPG Technologies & Solutions

FPG Technology is a technology solutions provider and systems integrator, specializing in delivering IT Consulting, IT Security, Cloud, Mobility, Infrastructure solutions and services.

Abertay cyberQuarter

Abertay cyberQuarter

The Abertay cyberQuarter is a cybersecurity research and development centre housed within Abertay University.

Avrem Technologies

Avrem Technologies

Avrem Technologies is a business IT and cybersecurity consulting firm. We design, implement, manage and monitor the networks, servers, computers and software that our clients rely on each day.

Occentus Network

Occentus Network

Occentus Network is a telecommunications service provider specialized in High Availability Servers & managed Cloud services.

Chugach Government Solutions (CGS)

Chugach Government Solutions (CGS)

CGS performs work for the Federal Government across 4 unique core lines of business, including: Facilities Management and Maintenance, Construction, Technical IT and Cyber Services, and Educational Se

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

Coastline Cybersecurity

Coastline Cybersecurity

Coastline Cyber is a cybersecurity consulting firm dedicated to helping organizations strengthen their security posture by reducing risks, mitigating threats, and protecting against attacks.