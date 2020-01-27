Gadget makers will have to provide a series of new protections for connected speakers, cameras and other devices, as part of a UK government crackdown on the security of the so-called “internet of things”.

The UK’s Department of Digital, Culture, Media and Sport said on Monday that a new law would force companies to “explicitly state” how long they will provide security updates for, when customers purchase the product.

DCMS will require manufacturers to ship individual devices with unique passwords, so that hackers cannot take advantage of customers who fail to change the default login details. Vendors will also have to make it easier for researchers to report vulnerabilities to them.

Connected devices — from security cameras and smart speakers to baby monitors and toys — have become a booming part of the consumer electronics industry in recent years. However, a series of security scares that left consumers vulnerable to eavesdroppers and hackers has prompted concern that tech companies were failing to do enough to protect their customers.

“Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety,” Matt Warman, the UK’s digital minister, said in a statement. “It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”

IoT devices are the Wild West of consumer technology and there is no end of cheap Chinese connected products to which this would apply

While companies such as Apple, Amazon and Google often provide years of software updates for their smartphones, speakers and other “smart home” devices, few manufactures commit at the point of purchase how long they will provide such support. The UK is among the first countries to mandate such a requirement.

Many IoT devices stop working altogether if their manufacturer decides to no longer support them, forcing them into obsolescence. For instance, last week Sonos faced criticism when it announced that it planned to phase out software updates for some of its older speakers, arguing that they had been “stretched to their technical limits in terms of processing power”. After the backlash, Sonos said it would work on a way to continue support.

Apple, Google and Amazon are yet to comment on the UK proposals.

Ben Wood, analyst at CCS Insight, said the new rules were “necessary” given the proliferation of internet-enabled devices from a wide range of manufacturers.

“Commitment to security updates has started to become a de facto standard in the smartphone world,” Mr Wood said. “But IoT devices are the Wild West of consumer technology and there is no end of cheap Chinese connected products to which this would apply. How you enforce it is more problematic.”

Mr Wood said it would probably fall to retailers to enforce the new rules.