Smart device security

Big smart tech brands failing to meet new product security laws 

Brands behind expensive smart devices are potentially breaking new product security laws, says Which?

Major brands behind expensive smart devices such as smartphones, doorbells and tumble dryers are potentially breaking new product security laws, while others offer short ongoing support policies, according to a study.

Which? said its survey of more than 120 brands found that nearly a quarter (23%) could be flouting laws by not having a published policy stating a minimum time the manufacturer will prevent the products from losing functionality and becoming hacking risks.

Many other brands offered ‘pitifully short’ support periods, the consumer group said. While this did not breach the new laws, it essentially meant the manufacturer quickly abandoning the product and putting consumers at risk long before the end of the device’s natural life.

New product security laws

The Product Security and Telecommunications Infrastructure Act 2022 came into force in April this year, applying to the majority of smart products and making it illegal to sell products in the UK that do not have published product update policies stating a minimum time for support to uphold functionality.

Manufacturers that fail to comply with the laws face potential fines of up to £10 million or 4% of worldwide revenue.

Which? is now calling on the Office for Product Safety and Standards (OPSS) to investigate the issue and outline what it will be doing to enforce the new laws.

Smart tech brands with no or poor support policies

Which? researchers surveyed manufacturers and checked online for the support policies of 128 brands across around 30 product categories.

Around a quarter (23%) did not have a policy in the public domain and gave no indication they were addressing this, the consumer group said, adding that they ‘would appear to be breaking the law’.

A further 23 brands (18%) had a policy that, in Which?’s view, was not clear.

Which? said 76 brands (59%) had a compliant published policy, stating a clearly defined support period.

The regulations state that the policy should be clear, accessible and transparent, and understandable by anyone, regardless of their technical knowledge.

However, Which? said most brands were burying policies in distant corners of their website, or in hard-to-read technical compliance documents.

Household brands selling customers short on security

In the smartphone category, Which? said Alcatel, Huawei and TCL did not have published policies on technology updates, although TCL said it was working on adding policy information.

Researchers considered Honor’s policy ‘insufficiently clear’, and found some brands such as Motorola and Xiaomi guaranteed just two years of support on some handsets, compared with seven or more from rivals, and despite smartphones having estimated physical lifetimes of around five years on average.

Washing machines have an estimated physical lifetime of 11 years, but Haier group’s policies, covering Candy and Hoover, in the washing machine, dishwasher, smart oven and fridge-freezer product categories were two years of support ‘from purchase’.

Liebherr also failed to publish clear support policy information for consumers buying its fridge-freezers.

For tumble dryers, Hoover did not appear to have any stated support policy and so was failing to comply with regulations, Which? said.

It said brands such as Beko and Hisense offered ‘pitiful’ one and two-year guaranteed support periods respectively, compared with Bosch and Miele at 10 years.

Although smart TVs had an estimated average physical lifetime of almost seven years, Which? found TCL, Panasonic and Sony all had ‘poor’ policies. Hisense offered two years of support from when a model was first released.

On smart speakers, Belkin, B&W and Audio Pro were silent on support policies, the watchdog reported.

And while wireless cameras and smart doorbells were particularly sensitive security risks as their primary purpose was to protect people’s homes, Which? found that Arlo and Ubiquiti said nothing about how long their products would be supported with security updates.

National product regulator asked to ‘urgently investigate’

Which? said a number of companies had either changed or were in the process of changing their policies after it contacted them.

The consumer group made contact with all 128 brands twice, with the second phase being to clarify their positions.

At this stage, researchers also offered the chance to provide comment, alongside the policy, but no brand had done this.

Which? director of policy and advocacy Rocio Concha said: ‘It’s very disappointing that big brands are seemingly failing to comply with new product security laws despite having over a year to prepare, leaving customers in the dark about how long their products will be supported with vital security updates, and potentially putting them at risk.

‘It’s bad news for consumers and the environment, especially when you consider these short support periods could result in smart tech ending up in landfill way before its time.

‘The OPSS must urgently investigate this issue, provide clear guidance for manufacturers and explain how it is going to crack down on brands ignoring security laws designed to help consumers buy products that are built to last.’
