Smart devices are those that are capable of connecting to the internet or a home network. For example:
Smart devices are subject to additional consumer protections, designed to protect you from cyber-attacks.
Under the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023, manufacturers must comply with 3 security requirements:
1. Universal default passwords are banned.
Easily guessable default passwords can enable hackers to compromise devices on a large scale, facilitating wide-ranging cyber-attacks. If a hacker can guess the password, they can log into your device and use it to gain access to your network.
2. Manufacturers must track security problems and share contact details to allow you to report issues.
This allows consumers to prompt manufacturers to maintain their smart devices by taking the required measures to address any reported security issues with the device, similar to how consumers can have other goods serviced or repaired.
3. Manufacturers must tell you how long they'll provide security updates for.
Just as you would install new security updates on your PC or phone, manufacturers of any smart device must release security updates to fix bugs or vulnerabilities that could be exploited by hackers.
Understanding how long they'll do this for is a bit like finding the "use by date" of a food item. Once security updates are no longer available to install on these devices, they become more susceptible to hacking. Some devices may even lose functionality and operate less effectively without these updates and support.
It's a good idea to check the product support end date on the manufacturer's website before making a purchase.
The regulations also require that, with some exceptions, products must come with a statement of compliance.
This must include the name and address of each manufacturer of the product, along with a declaration confirming that they meet the above security requirements.
Failure to comply with these requirements is a criminal offence and carries hefty fines of up to £10 million or 4% of worldwide turnover (whichever is more).