Product Security and Telecommunications Infrastructure

The Product Security and Telecommunications Infrastructure (PSTI) Act is a security regime that requires manufacturers and distributors of consumer-connected products in the UK (like smartphones and broadband routers) to take action to ensure their products are more secure against cyber attacks.

The Act came into effect on 29th April 2024 and sets a new security standard that manufacturers must meet to protect consumers against threats, such as data breaches and fraud.

What are the new security standards and how are Costway complying?

1. No default passwords

Consumer-connectable products in the UK must not be sold with default passwords. We are ensuring that Costway branded products have passwords that are either unique per product or defined by the product user.

2. Vulnerability reporting

We will make customers aware of where they can report security issues with Costway's connectable products - these are mostly home or mobile broadband products. You can click here to report security concerns for these products.

3. Statements of Compliance

Consumer-connectable products in the UK must only be supplied when accompanied by a Statement of Compliance. We are ensuring that all connectable products made and sold by us have a Statement of Compliance and will let you know where you can find a copy online - see Find your Statement of Compliance below.

4. Minimum security update periods

We must publish the minimum support period for which security updates will be provided for relevant products. This information will be contained in the Statement of Compliance for all Costway connectable products.

Reporting cyber security issues

If you have discovered a security vulnerability in Costway's consumer-connectable products, we appreciate your help in reporting it to [email protected] in a responsible manner. Our Product Security Incident Response Team (PSIRT) will respond and coordinate a patch to protect your users before any opportunists exploit the issue.

Please include the following information when you report a security vulnerability:

  • The product item(s) no. or link(s)
  • Affected model(s) and firmware/software version(s)
  • Vulnerability description and potential impacts
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept (PoC) or exploit code for the issue
  • Any suggested solutions to fix this (Optional)
  • Weakness enumeration (e.g., CWE) (Optional)
  • Severity (e.g., CVSS v3.x) (Optional)

The team will try to resolve the issue within 3-7 days of receiving the email.

Note: Costway does not have a security bug bounty program for reported vulnerabilities.
