The Internet of Things (IoT) is enabling more and more devices in our everyday life to be connected to the internet, but security is lacking, potentially leaving your personal data exposed. Therefore, the Government in the UK have launched consultations to make IoT products more secure.
Figures from Statista predict that there will be close to 17 billion connected devices by the end of this year, and over 75 billion by 2025. This explosion in the number of products will mean that more of our personal data is being processed by these devices, and if not adequately protected, that data is vulnerable to exploitation.
Digital Minister Margot James has launched a Government consultation to discuss the ways in which consumers can be better protected from cyber attacks on their IoT technologies. This includes making the public more aware of how secure their devices are and helping to choose a product which meets their security needs.
“Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk”Digital Minister Margot James
Following the consultation, the Government are set to launch a product labelling system which will tell customers how secure the information on the device is. This will initially be a voluntary scheme, but is likely to become mandatory on all IoT products, from smart teddy bears to smart bedside clocks. An alternative to this labelling system is to mandate retailers to not sell any device which does not adhere to the Secure by Design code of Practice.
Basic cyber security features are to be built into products right from the design stage, following the current ‘Secure by Design’ code of practice. This includes:
- Having unique passwords which are not universal or able to be reset
- Manufacturers providing a public point of contact for consumers to receive more information
- Manufacturers explicitly stating the minimum length of time for which the device will receive updates for security
The use of generic passwords is one of the biggest security risks in this type of product. The devices often come with a universal password, which can easily be used by a hacker to gain access to the device and view the data stored within.
The Government’s voluntary Secure by Design Code of Practice was launched last year as a recommendation to make consumer IoT devices more secure. This initiative has been backed by tech companies including HP Inc, Green Energy Options (geo) Ltd and Panasonic.
The announcement of this latest consultation comes just a day after Margot James MP held a discussion on IoT security with some of the biggest global technology companies. As a result of this meeting, Amazon, Phillips, Panasonic, Samsung, Miele, Yale and Legrand have all committed to making the IoT world safer.