IASME’s new voluntary assurance certification will give shoppers confidence that their smart product has been made cybersecure, thanks to a government grant. The IoT Security Assured scheme will be open to start-ups and smaller companies to certify their smart products and reassure consumers they meet the required security standards.
New figures commissioned by the government show the average household has bought two new smart devices since the start of the pandemic. These everyday products – such as smart fridges, washing machines and watches – offer a huge range of benefits, yet many remain vulnerable to cyberattacks.
To counter this threat, the government is planning a new law to make sure virtually all smart devices meet new requirements:
· Customers must be informed at the point of sale of the duration of time for which a smart device will receive security software updates
· A ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’, that are often pre-set in a device’s factory settings and are easily guessable
· Manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.
Devices that are certified to the IoT Security Assured scheme will display a logo to reassure consumers that their device meets these basic security requirements.
Smartphones are the latest product to be put in scope of the planned Secure by Design legislation, following a call for views on smart device cybersecurity the government has responded to today.
It comes after research from consumer group, Which?, found a third of people kept their last phone for four years, while some brands only offer security updates for a little over two years.
The government continues to urge people to follow NCSC guidance and change default passwords as well as regularly update apps and software to help protect their devices from cybercriminals.
Digital Infrastructure Minister, Matt Warman, said: “Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.
“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.
“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”
Security updates are a crucial tool for protecting people against cybercriminals trying to hack devices.
Yet research from University College London found none of the 270 smart products it assessed displayed information setting out the length of time the device would receive security updates at the point of sale or in the accompanying product paperwork.
By forcing tech firms to be upfront about when devices will no longer be supported, the law will help prevent users from unwittingly leaving themselves open to cyberthreats by using an older device whose security could be outdated.