Big tech brands selling customers short on security – Which?

Which? found 23% of brands it surveyed could be flouting laws by not having a published product security updates policy.

Josie Clarke
Thursday 20 June 2024 08:55 BST
Major brands behind expensive smart devices such as smartphones and tumble dryers are potentially breaking new product security laws, Which? said (Alamy/PA)

Major brands behind expensive smart devices such as smartphones, doorbells and tumble dryers are potentially breaking new product security laws, while others offer “pitifully short” support policies, according to a study.

Which? said its survey of more than 120 brands found that nearly a quarter (23%) could be flouting laws by not having a published policy stating a minimum time the manufacturer will prevent the products from losing functionality and becoming hacking risks.

Many other brands offered “pitifully short” support periods, the watchdog said.

While this did not breach the new laws, it essentially meant the manufacturer quickly abandoning the product and putting consumers at risk long before the end of the device’s natural life.

The Product Security and Telecommunications Infrastructure Act 2022 came into force in April this year, applying to the majority of smart products and making it illegal to sell products in the UK that do not have published product update policies stating a minimum time for support to uphold functionality.

Manufacturers that fail to comply with the laws face potential fines of up to £10 million or 4% of worldwide revenue.

Which? is now calling on the Office for Product Safety and Standards (OPSS) to investigate the issue and outline what it will be doing to enforce the new laws.

Which? researchers searched online for the support policies of 128 brands across around 30 product categories, and also asked them if they had a clear updates policy.

Some 23% did not have a policy in the public domain and gave no indication they were addressing this, the consumer group said, adding that they “would appear to be breaking the law”.

A further 23 brands (18%) had a policy that, in Which?’s view, was not clear.

The watchdog said it believed just 76 brands (59%) had a compliant published policy, stating a clearly defined support period.

The regulations state that the policy should be clear, accessible and transparent, and understandable by anyone, regardless of their technical knowledge.

However, Which? said most brands were burying policies in distant corners of their website, or in hard-to-read technical compliance documents.

In the smartphone category, Which? said Alcatel, Huawei and TCL did not have published policies on technology updates, although TCL said it was working on adding policy information.

Researchers considered Honor’s policy “insufficiently clear”, and found some brands such as Motorola and Xiaomi guaranteed just two years of support on some handsets, compared with seven or more from rivals, and despite smartphones having estimated physical lifetimes of around five years on average.

Washing machines have an estimated physical lifetime of 11 years, but Haier group’s policies, covering Candy and Hoover, in the washing machine, dishwasher, smart oven and fridge-freezer product categories were two years of support ‘from purchase’.

Liebherr also failed to publish clear support policy information for consumers buying its fridge-freezers.

For tumble dryers, Hoover did not appear to have any stated support policy and so was failing to comply with regulations, Which? said.

It said brands such as Beko and Hisense offered “pitiful” one and two-year guaranteed support periods respectively, compared with Bosch and Miele at 10 years.

Although smart TVs had an estimated average physical lifetime of almost seven years, Which? found TCL, Panasonic and Sony all had “poor” policies. Hisense offered two years of support from when a model was first released.

On smart speakers, Belkin and Audio Pro were silent on support policies, the watchdog reported.

And while wireless cameras and smart doorbells were particularly sensitive security risks as their primary purpose was to protect people’s homes, Which? found that Arlo and Ubiquiti said nothing about how long their products would be supported with security updates.

Which? said a number of companies either changed or were in the process of changing their policies after being contacted by the watchdog.

The consumer group made contact with all 128 brands twice, with the second phase being to clarify their positions.

At this stage, researchers also offered the chance to provide comment, alongside the policy, but no brand had done this.

Which? director of policy and advocacy Rocio Concha said: “It’s very disappointing that big brands are seemingly failing to comply with new product security laws despite having over a year to prepare, leaving customers in the dark about how long their products will be supported with vital security updates, and potentially putting them at risk.

“It’s bad news for consumers and the environment, especially when you consider these short support periods could result in smart tech ending up in landfill way before its time.

“The OPSS must urgently investigate this issue, provide clear guidance for manufacturers and explain how it is going to crack down on brands ignoring security laws designed to help consumers buy products that are built to last.”
