News Mania desk/Agnibeena Ghosh/29th April 2024
The UK has introduced new legislation aimed at enforcing tighter regulations on the security of “smart” gadgets, including devices like baby monitors, televisions, and speakers connected to the internet. The move comes in response to growing concerns about cybersecurity threats posed by such devices, which have increasingly become targets for cybercriminals seeking to exploit vulnerabilities and access private data.
Until now, manufacturers have been expected to adhere to security guidelines voluntarily. However, the new law imposes three key requirements to enhance device security:
- Strengthened Password Procedures: Manufacturers must implement more secure password protocols, ensuring that default passwords are not left blank or set to easily guessable options like “12345” or “admin.”
- Clear Reporting Mechanisms: There should be clarity on how consumers can report bugs or security issues that arise with the device.
- Transparency on Support Duration: Manufacturers and retailers are mandated to inform customers about the duration of support, including software updates, they can expect for the device they are purchasing.
Failure to comply with these minimum requirements under the Product Security and Telecommunications Infrastructure (PSTI) regime can result in fines.
The UK government heralded these laws as a “world first” initiative aimed at safeguarding consumers and businesses against cybercrime while enhancing the country’s resilience to cybersecurity threats. According to the Department for Science Innovation and Technology (DSIT), over half of UK households now own smart TVs, and voice assistants like Alexa are present in a significant portion of homes, with an average of nine connected devices per household.
However, alongside the rapid adoption of smart devices, there has been a surge in incidents involving hackers exploiting vulnerabilities to compromise these devices. Instances of unauthorized access, covert surveillance, and data breaches have raised concerns about the security of connected devices and underscored the need for stricter regulations.
Sarah Lyons, representing the National Cyber Security Centre, emphasized the responsibility of businesses in ensuring the security of smart products. She stressed the importance of ongoing protection against cyberattacks and highlighted the role of the new legislation in empowering consumers to make informed decisions about the security of the products they purchase.
Ken Munro, a security researcher at Pen Test Partners, welcomed the new law as a positive step, particularly applauding its enforcement mechanisms. He noted that manufacturers often discontinue support for older products too quickly, leaving them vulnerable to cyber threats. Munro suggested that longer support periods could indicate a manufacturer’s commitment to cybersecurity.
Consumer groups like Which? echoed similar sentiments, emphasizing the significance of the new law in providing vital protections to consumers. They called for stringent enforcement measures by the Office for Product Safety and Standards to hold manufacturers accountable for compliance and ensure consumer safety.
In conclusion, the implementation of stricter laws for smart device security in the UK marks a significant step towards addressing cybersecurity risks associated with connected devices. By imposing mandatory requirements and enhancing transparency, the legislation aims to bolster consumer confidence and mitigate cybersecurity threats in the digital age.
