close
close

The new law could force tech companies to determine how long smartphones will receive updates

Posted on by darion

Smartphone makers may have to specify how long phones will be guaranteed to receive important security updates under new regulations proposed by the government.

The move is part of wider plans to ensure that “virtually all” smart devices, including smart speakers and video doorbells, meet stricter security requirements.

Easy-to-guess universal default passwords such as “password” and “admin” will also be banned.

Currently, when buying a new smartphone, it is not always entirely clear how long the manufacturer intends to send updates necessary to patch detected software faults.

If the regulations are approved, device manufacturers will be required to inform customers about the length of time that security software updates will be made available at the point of sale.

We hope this change will help prevent users from unknowingly exposing themselves to cyber threats by using an outdated device that may no longer be secure.

“Our phones and smart devices can be a goldmine for hackers looking to steal data, yet many of them still run legacy programs with security vulnerabilities,” said Matt Warman, Minister of Digital Infrastructure.

“We’re changing the law to make sure customers know how long products have the necessary security updates before they buy, and we’re making devices harder to break into by banning easy-to-guess default passwords.

“The reforms, supported by technology associations around the world, will torpedo the efforts of online criminals and strengthen our mission to build back more safely from the pandemic.”

Under the proposals, manufacturers will also be required to provide the public with a simple point of contact to report any security vulnerabilities they discover.

The Internet of Things (IoXT) Alliance – whose members include companies such as Google, Amazon and Facebook – welcomed the reforms, calling the plan “a critical step towards demanding more from IoT (Internet of Things) device makers and better protecting consumers and businesses who use them.”

Concerns come after a government-commissioned study found that almost half (49%) of people in the UK have bought at least one smart device since the start of the coronavirus pandemic.

Dr Ian Levy, technical director at the National Cyber ​​Security Center (NCSC), said: “Consumers are increasingly relying on connected products at work and at home.

“The Covid-19 pandemic has only accelerated this trend, and while manufacturers of these devices are gradually improving safety practices, it is not yet good enough.

“To protect consumers and build trust across the sector, it is important that manufacturers take responsibility and pay attention to these proposals now.”