LONDON — Makers of smart devices including phones, speakers, and doorbells will need to tell customers upfront how long a product will be guaranteed to receive vital security updates under groundbreaking plans to protect people from cyber attacks in the United Kingdom, the government said in a statement.

New figures commissioned by the government show almost half (49 percent) of UK residents have purchased at least one smart device since the start of the coronavirus pandemic. These everyday products — such as smartwatches, TVs and cameras — offer a huge range of benefits, yet many remain vulnerable to cyber attacks.

Just one vulnerable device can put a user’s network at risk. In 2017, attackers infamously succeeded in stealing data from a North American casino via an internet-connected fish tank. In extreme cases hostile groups have taken advantage of poor security features to access people’s webcams.

To counter this threat, the government is planning a new law to make sure virtually all smart devices meet new requirements:

— Customers must be informed at the point of sale of the duration of time for which a smart device will receive security software updates.

— A ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’, that are often present in a device’s factory settings and are easily guessable.

— Manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.

Smartphones are the latest product to be put in the scope of the planned Secure By Design legislation, following a call for views on smart device cybersecurity the UK government has responded to.

The move comes after research from the consumer group Which? found a third of people kept their last phone for four years, while some brands only offer security updates for a little over two years.

The government continues to urge people to follow NCSC guidance and change default passwords as well as regularly update apps and software to help protect their devices from cybercriminals.

Commenting on the proposed law, UK’s Digital Infrastructure Minister Matt Warman said: “Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.”

“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords,” Warman added. — Agencies