AUS
NZ
UK
CA
USA
FRA
GER
ESP
ITA
NLD
PRT
SWE
GRC
IND
POL
BRA
ZAF
RUS
CHN
UAE
Summary
- The Department of Digital, Culture, Media & Sports) has introduced new cybersecurity laws
- Nearly 49 per cent of UK residents have bought at least one smart device since the beginning of the coronavirus pandemic
- The makers of smart devices will be mandatorily required to disclose the information regarding the security of devices
Smart devices, wearables, and network-enabled gadgets remain vulnerable to innumerable cyber-attacks, including phishing, malware, SQL injection, DNS tunnelling, among others. With the rising online sales due to the extended course of the pandemic, the Department of Digital, Culture, Media & Sports (DCMS) has introduced new cybersecurity laws that are intended to safeguard the smart devices of individuals from possible cyber-attacks.
New rules
Within the newly orchestrated cyber security laws, the makers of smart devices such as Apple, Samsung, Amazon, Google will be required to keep the customers informed with regard to the updates guaranteed by the company. Following this, smart devices, including phones, doorbells, speakers, and other wearables, will come with a stipulated timeline until which these devices will be entitled to receive the vital security updates.
The digital department has also mandated to ban the easy-to-guess passwords on all the devices under the new regulations. For instance, passwords formulated with the help of dictionary words, person’s name, address, year of birth, and other so-called personal information remain unguarded as such combinations are very easy-to-interpret. Under the new guidelines, individuals can easily report software bugs that are likely to be exploited by hackers.
Why is it needed?
According to the new data revealed by the government, nearly 49 per cent of UK residents have bought at least one smart device since the beginning of the coronavirus pandemic. Smartwatches, cameras, smart TVs, and mobile phones have remained vulnerable to cyber-attacks as fraudsters specifically target everyday products and devices that have a strong user base.
The issue of weakened device security needs to be addressed as only one vulnerable gadget can put a user’s network at risk. In order to overcome the threat of cyber-attacks, the government acting through the DCMS has been working towards incorporating new rules for smart devices. Subsequent to the new rules pertaining to the smart devices, all the gadget makers will be banning the universally known default passwords such as admin, password on the devices.
Copyright © 2021 Kalkine Media Pty Ltd.
Subsequent changes
With such a ban on usage of weak and easy-to-guess passwords, there is a definite likelihood of increased password protection as people will be forced to construct a password with the mandated instructions. Moreover, the manufacturers will be directed to facilitate a public point of contact that can help in simplifying the process of reporting a vulnerability by eliminating the unnecessary steps.
The makers of smart devices will be mandatorily required to disclose the information regarding the security of devices and the time period for which the device will remain qualified for receiving the security software updates. All such details will be informed at the point of sale only.
According to a research conducted by the London-based consumer group Which?, there are some mobile brands that only offer security updates for a maximum period of little more than two years, while a third of people keep their last phone for an average period of four years. Security updates have been a crucial tool in safeguarding smart devices against the online attacks triggered by cyber criminals.
The UK government continues to urge people to follow the guidelines issued by the National Cyber Security Centre to rigorously update the mobile applications, software, change default passwords to protect their devices from cyber criminals.
As per the estimates by the DCMS, only one in every five global smart devices manufacturers is equipped with a mechanism to allow security researchers to report cybersecurity vulnerabilities.
