Better Cyber Security For Smart Devices

In the future makers of smart devices including phones, speakers, and doorbells will need to tell customers upfront how long a product will be guaranteed to receive vital security updates under groundbreaking plans to protect people from cyber attacks. This comes as the UK government has revealed details of its proposals to improve the security of most smart devices. 
 
The legislation aims to ban easy-to-guess default passwords, make it easier to report bugs, and force manufacturers to say when their devices will stop receiving security updates.
 
The UK Department for Digital, Culture, Media & Sport ('DCMS') announced, on 21 April 2021, Government plans for a new cyber security law to protect smart devices from cyber-attacks, as part of releasing results of the Government public consultation on smart device cyber security.  In particular, the Government outlined that it is planning to change the law to make smart products, such as televisions, cameras, and household appliances which connect to the internet, more secure for individuals to use.
 
Research commissioned by the UK government show almost half (49%) of UK residents have purchased at least one smart device since the start of the coronavirus pandemic. These everyday products, such as smart watches, TVs and cameras, offer a huge range of benefits, yet many remain vulnerable to cyber attacks. Just one vulnerable device can put a user’s network at risk. 
 
To counter these threat, the government is planning a new law to make sure virtually all smart devices meet new requirements: 
 
  • Customers must be informed at the point of sale the duration of time for which a smart device will receive security software updates.
  • A ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’, that are often preset in a device’s factory settings and are easily guessable.
  • Manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.
Mobile phones and other smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems. The DCMS propose legislation to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords. Requiring unique passwords, operating a vulnerability disclosure program, and informing consumers on the length of time products will be supported is a minimum that any manufacturer should provide.
 
These measures are all included in the international Internet of Secure Things (IoXT) Alliance Compliance Programme and have been well received by manufacturers around the world.
 
The UK government has played an important  vital role in developing the first major international standard for consumer device cyber security to help manufacturers protect consumers around the world from falling victim to cyber attacks. Consumers are increasingly reliant on connected products at work and at home. "The Covid-19 pandemic has only accelerated this trend and while manufacturers of these devices are improving security practices gradually, it is not yet good enough." according to National Cyber Security Centre Technical Director Dr Ian Levy.
 
GovUK:    DCMS:     Data Guidance:      Computer Weekly:     E&T:       Public Service Executive:    Image: Unsplash
 
You Might Also Read:
 
Looking For Vulnerable IoT Devices:
 
 
« Two-Factor Authentication Matters More Than Ever
SolarWinds Campaign Even Wider Than First Thought »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Protegrity

Protegrity

Protegrity is an enterprise and cloud data security software for data-centric encryption and tokenization to protect sensitive data while maintaining usability.

Atos

Atos

Atos provides a unique Cyber Security end to end solution with a data-centric and pre-emptive security approach.

CSIS Security Group

CSIS Security Group

CSIS provide actionable threat intelligence, prevention, incident response and 24/7 managed security services.

S2 Grupo

S2 Grupo

S2 Grupo is the benchmark company in Europe and Latin America, for Cyber Intelligence and mission critical systems operations.

Appdome

Appdome

Appdome is the industry's first mobile integration as a service company, providing solutions for enterprise mobility and mobile application security.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

DreamIt Ventures

DreamIt Ventures

DreamIt Ventures is an early stage venture fund that accelerates startups building transformative tech products in the fields of Healthtech, Securetech, and Urbantech.

CyberCube

CyberCube

CyberCube provide world-leading cyber risk analytics for the cyber insurance market.

C2SEC

C2SEC

C2Sec provides an innovative analytics platform that assesses and quantifies cyber risks in financial terms based on combining patented big data, AI, and cybersecurity technologies.

AlertFusion

AlertFusion

AlertFusion is a platform that makes security operations more effective. It complements existing tools and technologies, unifies operations, enhances process maturity and drives efficiencies.

ToucanX

ToucanX

ToucanX has eliminated remote attack vectors without sacrificing productivity. We’ve brought embedded near real time virtualization to the enterprise endpoint.

Tier One Technology Partners

Tier One Technology Partners

Tier One Technology Partners is an IT managed services provider that focuses on cybersecurity, cloud services, IT consulting, and infrastructure.

Enso Security

Enso Security

Enso is the first Application Security Posture Management (ASPM) solution, helping security teams everywhere eliminate their AppSec chaos with application discovery, classification and management.

CYOSS

CYOSS

CYOSS, an ESG Group company, is a specialist in Cyber Security and Data Analytics. We focus on the opportunities of a networked world and make security risks manageable.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

Paperclip

Paperclip

Paperclip provides paperless solutions while enabling compliance and security for the exchange of critical content.