Major technology brands are failing to inform customers how long smart products will be supported with “vital” security updates before being at risk from hacking, a consumer organisation said on Thursday.
A further 18 percent had policies which were not clear on what they were guaranteeing in terms of support. Over half (59 percent) were fully compliant and stated a defined product support period, according to the report.
The consumer group conducted the survey in April after the Product Security and Telecommunications Infrastructure Act 2022 came into effect and made the measures a legal requirement. Failure to comply could result in fines of up to £10 million or 4 percent of global revenue.
“Despite the product security law being introduced, far too many manufacturers have pushed the limits of what’s required, or just ignored it completely,” Which? said in its analysis.
Rocio Concha, the watchdog’s director of policy and advocacy, said in a statement it was “very disappointing that big brands are seemingly failing to comply with new product security laws despite having well over a year to prepare, leaving customers in the dark about how long their products will be supported with vital security updates and potentially putting them at risk.”
Ms. Concha called on the Office of Product Safety and Standards to “urgently investigate the issue” and provide “clear guidance” for manufacturers.
Smart White Goods
Which? analysed products associated with smart technology such as mobile phones, doorbells, thermostats, and smart speakers, finding that cover varied by brand.
In terms of smart TVs, for example, market leaders LG and Samsung offered five years of guaranteed support from the launch of their TVs, whereas Hisense “offers a relatively miserly two years.”
The consumer group also looked at other kinds of goods not typically associated with being networked, such as white goods. Which? said that around a third of some product ranges for washing machines and dishwashers are now “smart.”
Out of 224 washing machines examined by Which?, 76 are smart.
The watchdog found that brands like Miele, Bosch, and Siemens offered the longest support for smart dishwashers, while Hisense gives just two years.
Internet of Things at Risk
More and more household appliances are becoming part of the Internet of Things (IoT), or devices that connect with other devices and the internet over a network.
The agency said that because IoT devices are “often more focused on being useful than being secure,” they become easy targets for cyber criminals, especially as they have common vulnerabilities to exploit, such as weak passwords, or are not regularly updated.
Hacking a refrigerator or thermostat may seem pointless, but smart products like these provide opportunities for criminals to create back doors into a person’s home network. Hackers can also exploit smart listening devices or any other tech with a microphone for eavesdropping.
Nemko says that white goods could be hacked “to create groups of hacked devices called botnets. These networks of compromised devices can be used to launch large-scale DDoS attacks or distribute malware.”
In April 2019, the Microsoft Threat Intelligence Center detected attacks by hackers who were able to access networks across multiple customer locations via IoT devices: a VOIP phone, an office printer, and a video decoder. In two of the cases, hackers were able to access the network because the default manufacturer’s passwords had not been changed “and in the third instance the latest security update had not been applied to the device.”
The hackers then attempted to gain further access by performing network scans to look for other insecure devices in order to “move across the network in search of higher-privileged accounts that would grant access to higher-value data.”