The UK has implemented ‘world-first’ mobile security laws under the Product Security and Telecommunications Infrastructure Act in a fresh attempt to tackle cyber crime and fraud in the country.
The Department for Science, Innovation and Technology (DSIT) rolled out the new laws that mandate electronic manufacturers will be banned if password and security measures are deemed too guessable or weak, such as common passwords ‘admin’ or ‘12345’.
These laws are applicable to all electronic devices that require security measures to access, ranging from mobile phones to gaming consoles and electronic fridges.
Due to the proliferation of digital wallets and contactless payments becoming the predominant methods of payment, this act also intends to safeguard users from fraud attacks from accessing sensitive data and information.
The DSIT cites that hacking attacks have occurred on UK banks such as Lloyds and Royal Bank of Scotland, with the former stressing in October 2023 that a major bank hack could result in a devastating $3.5trn loss to the global economy.
Minister for Cyber, Viscount Camrose, said: “As every-day life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater.
“From today, consumers will have greater peace of mind that their smart devices are protected from cyber criminals, as we introduce world-first laws that will make sure their personal privacy, data and finances are safe.
“We are committed to making the UK the safest place in the world to be online and these new regulations mark a significant leap towards a more secure digital world.”
With UK households becoming more and more dependent on electronic smart devices – 99% of households own at least one smart device according to the UK government – the act serves as a necessity to meet the growing adoption rates of these devices.
An investigation conducted by Which? showed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.
Under the new measures, the DSIT intends to stomp out potential cyber attacks by declaring that manufacturers will have to publish contact details so bugs and issues can be reported and dealt with accordingly.
Manufacturers will also have to be open with consumers on the minimum time they can expect to receive important security updates, with hackers and fraudsters continually finding new methods, such as AI and deep fakes, to access personal information.
The new laws are part of the UK government’s £2.6bn National Cyber Strategy. Industry leaders collaborated with the government to build the act, as well as manufacturers who will publish information on the new security measures.
One startup seeking to stomp out mobile fraud and theft, Nuke From Orbit, acknowledged the new act as an encouraging development, but James O’Sullivan, CEO and Founder, believes it “overlooks a major weak spot: human behaviour”.
He said: “We all want life to be as easy as possible. Give people a choice between remembering a complicated 10-digit password and using a four/six-digit PIN, a thumbprint, or facial recognition, and most people won’t go with the password.
“Our concern is that businesses will only do what’s required of them, without addressing consumer complacency. The public needs educating on the dangers of repeating PINs, but they also need help to find other ways to easily protect themselves if the worst does happen.
“What we need is for banks, mobile network operators, social networks, and other service providers to look at how their customers actually behave and tackle this escalating issue head-on by helping instantly invalidate stolen data. Only then will we start to make a dent in tackling the escalating threat of smartphone theft.”
