Interview with Ian Drew – Chairman at Foundries.io

Securing smart devices – what does the future hold?

 

The British government has recently announced new ground-breaking security laws to protect smart devices following a recent surge in sales fuelled by the pandemic. According to the Department for Digital, Culture, Media and Sport (DCMS) almost half (49%) of UK consumers have bought at least one smart device since the outbreak of COVID-19 in 2020.

With smart devices becoming more prevalent in all areas of our lives, security vulnerabilities cannot be ignored. Just one affected device can put a user’s entire network at risk and, in extreme cases, cyber criminals can take advantage of poor security features (or inherently vulnerable devices) to access people’s information and identity.

foundries.io-logo

 

Under the new plans, OEMs will be responsible for telling consumers how long the software on the smart devices they purchase will be updated for, and when new security patches will become available. This will need to be disclosed to customers upfront.

To put this into perspective, research by Which? found one third of people kept their mobile phone for four years, but some brands only offered security updates for a little over two years. Hackers are continually becoming more sophisticated and, as more assets become digital, the risks and implications of cyber-attacks are intensifying for all businesses and consumers.

This proposed law is no doubt a step in the right direction in helping users stay safe whilst using their favourite smart devices.

 

Software Vulnerabilities

 

Security updates are crucial for protecting people against cyber criminals attempting to hack devices. However, with software vulnerabilities becoming a growing concern, these weak spots in defence can become detrimental to a user’s security. Put it simply, software vulnerabilities mean attackers can easily find ways into systems and networks and extract sensitive information.

Therefore, requiring the duration of supported security updates will only help to prevent people from using unsupported and vulnerable devices. It is important to enable secure devices to be developed and deployed, as well as to be maintained through the provision of secure over-the-air (OTA) updates. This is critical for consumer confidence and security.

Bigger picture, it also means that security needs to be baked into the design and development of smart devices, right from the very start. When innovation and speed to market are of the essence, security can sometimes come as an afterthought. This will forever change with consumer expectations, and we will see organizations look for smarter, simpler ways to enable secure updates to their devices.

Looking to the future We expect other countries to follow suit. Outside of the UK, the US announced similar legislation last year and the European Commission has been working on a number of initiatives for the security of connected consumer devices. The proposal and implementation of similar laws will challenge OEMs to step up their defence and tighten cybersecurity measures.

We are living in a time where the Internet of Things (IoT) is evolving at an incredibly fast pace – security practices and software updates must keep up. This cannot be understated.