Smart devices to carry warning labels telling buyers how easy they are to hack, government says


“Our Code of Practice was the first step towards making sure that products have safety features built in from the design stage and not bolted on as an afterthought.”

The new code, which has been drawn up by the Department for Digital, Culture, Media and Sport, stipulates devices must to adhere to three basic standards. These include not using standard identical passwords, telling consumers how long the device will receive software updates for and providing a point of contact where people can report vulnerabilities they find.

The Telegraph understands the Government’s preferred option is to make manufacturers clearly label whether the smart devices meet the minimum standards or not.

However, ministers also considering more stringent regulations that could see products banned in the UK if they don’t comply with the standards.

The move comes as the Government warned that some popular devices had security flaws that left users’ data and privacy at risk from hackers.

Earlier this year thousands of smart TV’s and speakers, including Google’s Chromecast, were hijacked in a stunt by fans of Brighton-based YouTuber Felix Kjellberg, known as Pewdiepie, and made to play his videos.

Yet, the new standards also aim to prevent more serious cyber threats, such as mass assaults called distributed denial of service attacks, which the government said could “pose a risk to the wider economy.”

These involve hackers exploiting security weaknesses to take control of thousands of devices at a time.

Following the consultation the code is expected to come before Parliament alongside the Government’s online harms white paper. The code will then be introduced on a voluntary basis at first to give manufacturer’s time to comply before becoming mandatory.

The proposed code was welcomed by Dr Ian Levy, the Technical Director of the UK’s National Cyber Security Centre.

He said: “Serious security problems in consumer IoT devices, such as pre-set unchangeable passwords, continue to be discovered and it’s unacceptable that these are not being fixed by manufacturers.”


Please enter your comment!
Please enter your name here