UK’s IoT ‘security by design’ regulation will cover smartphones too

Smartphones will come under the scope of a proposed UK “Security by Design” law aimed at improving the security of consumer devices, the government said today.

It announced this in its response to a consultation on legislative plans aimed at tackling some of the most lax security practices long associated with the Internet of Things (IoT).

The government introduced a security code for manufacturers of IoT devices back in 2018. However, the upcoming legislation is intended to build on this with a series of legally binding requirements.

Ministers announced a draft law in 2019. The government focused on IoT devices such as web cameras and baby monitors, which have often been associated with the most egregious device security practices.

It is now planned that virtually all smart devices will be covered by legally binding security requirements. The government cites research by the consumer group Which?, which found that a third of people kept their last phone for four years, while some brands only offered security updates for a little over two years.

The upcoming legislation stipulates that smartphone and device manufacturers such as Apple and Samsung must inform customers at the point of sale how long a device will receive software updates.

It also bans manufacturers from using universal default passwords (such as “Password” or “Administrator”), which are often preset in the factory settings of a device and are easy to guess. This makes them meaningless for security purposes.

California passed a law in 2018 banning such passwords. The law came into force last year.

The UK law will also require manufacturers to provide a public point of contact to make it easy for anyone to report a vulnerability.

The government said it would legislate as soon as parliamentary time allows.

In a statement, Digital Infrastructure Minister Matt Warman added, “Our phones and smart devices can be a gold mine for hackers looking to steal data, but large numbers are still running older software with flaws in their security systems.

“We’re changing the law to make sure customers know how long products have critical security updates before they buy, and we’re making it harder to get started by banning standard passwords that are easy to guess.

“The reforms, supported by technology associations around the world, will torpedo the efforts of online criminals and strengthen our mission to get back safer from the pandemic.”

A DCMS spokesman confirmed that laptops, PCs and tablets without a cellular connection will not be covered by the law, nor will used products. He added, though, that the scope should be adaptable to ensure the law can keep up with new threats that devices may encounter.
