IoT is on the rise globally and the UK government is preparing to face security challenges that come with it.
Almost half (49%) of the UK’s residents have purchased at least one smart device since the start of the COVID-19 pandemic., according to the figures from last year confirming the growing use of IoT devices.
The UK government is working on legislation that will include new security requirements for the manufacturers of Internet of Things (IoT) devices.
The announcement from the Department of Digital, Media and Sport (DCMS) came amidst numerous security concerns with the connected devices. The move shows that UK officials realize the challenges of keeping consumers and businesses safe that are augmented by the shift to remote work.
The new legislation will bring smartphones under the scope of the secure by design legislation. The UK government pointed out recent research by Which? that found that mobile phone companies put customers at risk with inadequate update support with some brands only offering security updates for a little over two years.
UK’s Digital Infrastructure Minister Matt Warman said: “Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.
Under the provisions of the new law, makers of phones, speakers, doorbells, and other IoT devices will have to inform customers how long a product will be receiving security software updates. Manufacturers will be disallowed to use default passwords like ‘password’ or ‘admin’ in a device’s factory settings that are responsible for a large proportion of security incidents.
Companies will also have to provide consumers with public contact to make it easier for them to report vulnerabilities.
The laws were initially proposed at the start of last year and will be introduced as soon as parliamentary time allows.
“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.
“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic,” Warman said.
Additionally, FIDO, the open industry alliance, recently announced the development of a new standard that will help onboard IoT devices quicker and more securely.