New law could reveal when your iPhones or Android will stop working
Matt Warman, the digital infrastructure minister, said: “Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.”
Politicians have already launched efforts to make it easier for consumers to repair broken gadgets, in particular home appliances, to extend their lifespan.
MPs on the Environmental Audit Committee have also hit out at “planned obsolescence”, devices that only last a short time before needing replacement, to crack down on electronic waste, while innovation foundation Nesta has called for a mandatory seven years of software updates to “break the two-year cycle” that forces consumers to regularly buy new tech.
Although Apple’s iPhones do provide several years of security updates, the California company has previously come under fire for slowing down its smartphones to improve their battery life. Last year, it agreed to pay up to £360m to settle a class action legal claim, although it did not admit wrongdoing.
In 2020, Microsoft finally ended support for its popular Windows 7 product after agreeing to at least 10 years of support when it was released in 2009.
Under the proposals, manufacturers will be expected to provide a simple point of contact for the public to report any vulnerabilities they spot.
They will also be banned from including easy-to-guess default passwords such as “password” or “admin”.
In extreme cases, so-called internet-of-things devices have been hijacked in their millions and used for “denial of service” attacks. The 2016 Mirai botnet attack, which shut down swathes of US websites, was one such cyber attack.
Under the proposed rules, device makers will also be mandated to provide a point of contact so that cyber researchers and “white hat”, or ethical, hackers can warn them of faults with their gadgets.
Industry group the Cyber Tech Accord, backed by Arm, Microsoft and Dell, has also launched a new set of voluntary standards to improve the security of smart devices, including a set of digital health check labels to be displayed on new tech such as toys and cameras. The schemes have been backed up by a £400,000 state grant.
Ian Levy, technical director at the National Cyber Security Centre, said: “While manufacturers of these devices are improving security practices gradually, it is not yet good enough. I’m pleased to see the pilots, funded by the Department for Digital, Culture, Media and Sport (DCMS), begin to test ways in which customers will be able to gain confidence in the security of these devices.”