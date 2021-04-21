



The UK government is pushing for legislation that imposes new security obligations on manufacturers of Internet of Things (IoT) devices, the Digital Media Sports Department (DCMS) announced today.

This announcement came amid the growing use of IoT devices. The UK government has highlighted the numbers at the end of last year, showing that nearly half (49%) of UK residents have purchased one or more smart devices since the COVID-19 pandemic began. . There have been numerous security issues with these devices in recent years that must be addressed to keep consumers and businesses safe.

Smartphones will now be included in the security scope by design legislation as the government points out recent research. As a result, a third of them have kept their last phone for four years, but we have found that some brands offer security updates for just over two years.

Among the legal provisions, manufacturers of smart devices such as phones, speakers and doorbells must inform their customers of how long their products can receive security software updates. Manufacturers are also forbidden to use universal default passwords that can be easily guessed, such as’password’ or’administrator’, in the device’s factory settings.

Additionally, you must provide an open point of contact so that anyone can easily report the vulnerabilities.

This law was first proposed in the beginning of last year, based on the non-binding code of practice introduced in 2018.

The government added that it would introduce legislation as parliamentary time permits.

Digital Infrastructure Minister Matt Warman said: “Our phones and smart devices can be a gold mine for hackers trying to steal data, but still many are running old software that has holes in their security systems.

“We are changing the law so that buyers know how long critical security updates are supported before purchasing a product, and we are making it difficult to break into devices by banning a default password that can be easily guessed.

“The reforms backed by technology associations around the world will reinforce our mission to repel the efforts of online criminals and get them back safer from the epidemic.”

Yesterday, FIDO, an open industry alliance, announced the development of a new standard to help onboard IoT devices quickly and safely.

