UK’s IoT security regulation will also include smartphones

Manufacturers will be required to inform consumers how long their device will receive security software updates

The UK’s IoT ‘Security by Design’ law, which aims to protect consumers from cyber attacks, will now also include smartphones.

The proposed regulation was initially expected to only cover Internet of Things (IoT) devices, due to the widespread lack of security controls associated with the devices, including easy-to-guess preset passwords.

A report commissioned by the government found that since the start of the pandemic, close to half (49%) of UK residents have purchased at least one smart device, such as an AI-powered smart speaker, video doorbell or phone-controlled light bulb. The research found that, although the products have the potential to improve consumers’ lives, they also make them especially vulnerable to cyber attacks. Due to the mass shift to remote working, they also pose a threat to businesses.

In a policy paper published today, the government announced that smartphones would also be included in the proposed ‘Secure By Design’ legislation. This will require manufacturers, such as smartphone giants Apple or Samsung, to inform consumers at the point of sale as to how long their will be eligible to receive security software updates, as well as provide a public point of contact to make it simpler to report a vulnerability.

Related Resource

Go further with mobile marketing

Easy steps to get your mobile strategy up-to-speed

Easy steps to get your mobile strategy up-to-speed - whitepaper from OracleDownload now

Commenting on the announcement, Digital Infrastructure minister Matt Warman said that “phones and smart devices can be a gold mine for hackers looking to steal data”, adding that, despite this, “a great number still run older software with holes in their security systems”.

“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords," he said. "The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic."

The government announced that it’s seeking to introduce the ‘Security by Design’ law “as soon as parliamentary time allows”.

The National Cyber Security Centre (NCSC) technical director Dr Ian Levy urged manufacturers to “take responsibility” in order to “protect consumers and build trust across the sector”.

“Consumers are increasingly reliant on connected products at work and at home. The COVID-19 pandemic has only accelerated this trend and while manufacturers of these devices are improving security practices gradually, it is not yet good enough,” he said.

The news comes just days after security researchers warned of a slew of DNS flaws that could affect millions of IoT products, allowing attackers to target devices offline or take control of them.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

NSA and CISA publish guidance on hardening Kubernetes following cloud infrastructure cyber attacks
Security

NSA and CISA publish guidance on hardening Kubernetes following cloud infrastructure cyber attacks

4 Aug 2021
What to look for in a secure cloud system
cloud security

What to look for in a secure cloud system

4 Aug 2021
McAfee’s zero trust solution strengthens private applications’ security
cyber security

McAfee’s zero trust solution strengthens private applications’ security

3 Aug 2021
Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
UK gov considers blocking Nvidia's takeover of Arm
Acquisition

UK gov considers blocking Nvidia's takeover of Arm

4 Aug 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021