News

Plans to force tech firms to strengthen smart devices’ security revealed

Unique passwords on devices out of the box is one of the measures the Government hopes to make law.
Unique passwords on devices out of the box is one of the measures the Government hopes to make law.

Smart device makers could be forced to follow new security rules in a bid to protect people from the threat of hackers.

The Government plans would make manufacturers use unique passwords on all internet-connected devices out of the box, instead of one default password.

They will also have to ensure that these passwords are not resettable to any universal factory setting.

It comes as more people turn to smart technology and the Internet of Things (IoT) around the home, ranging from digital assistant speakers to smart toys.

Smart speakers alone are now present in around one in five UK households in the UK, according to an Ofcom report last year, an increase of 7% from 2018.

“We want to make the UK the safest place to be online, with pro-innovation regulation that breeds confidence in modern technology,” said Digital Minister Matt Warman.

“Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety.

“It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”

The rules will force device makers to provide a public point of contact so anyone can report a vulnerability and compel companies to act on issues in a timely manner.

Manufacturers will also be expected to make clear the minimum length of time the device will receive security updates, at the point of sale.

Following a consultation on the measures, the Government aims to deliver legislation “as soon as possible”.

Password
The rules would force manufacturers use unique passwords on all internet-connected devices out of the box (iStock/Getty) (RayaHristova/Getty Images/iStockphoto)

The National Cyber Security Centre (NCSC), which helped develop the plans in conjunction with the Department for Digital, Culture, Media and Sport (DCMS) and the business industry, said the move will provide buyers with “increased peace of mind”.

“Smart technology is increasingly central to the way we live our lives, so the development of this legislation to ensure that we are better protected is hugely welcomed,” said Nicola Hudson, policy and communications director at the NCSC.

“It will give shoppers increased peace of mind that the technology they are bringing into their homes is safe, and that issues such as pre-set passwords and sudden discontinuation of security updates are a thing of the past.”

Given the global nature of smart device production, the Government says it will need to work with international partners to ensure that the guidelines drive a consistent, global approach to security.

Caroline Normand, director of advocacy at the Which? consumer group, said: “Which?’s product testing has exposed serious security flaws with a number of products that fail the most basic of security tests, including wireless cameras and popular children’s smart toys, so regulation of mandatory security requirements must be a critical first step.

“Strong enforcement will be essential, and manufacturers, online marketplaces and retailers must be held accountable in order to prevent security-risk products ending up in people’s homes.”