By the end of 2019 there will be 14.2 billion internet-connected devices in use, according to market analysts, Gartner.
The rapid growth of the Internet of Things (IoT) has led to the creation of a new law on security. With this comes an increase in security vulnerabilities in IoT devices, even in seemingly harmless items such as toy dolls to internet connected ovens.
Internet connected devices with poor security often become the target for cyber-attackers who hack them in order to steal personal data, spy on users, or remotely take control of devices to misuse them.
IoT devices often have many security flaws, which makes them easy to hack. This could be something like a pre-set unchangeable password. The technical director of the UK’s National Cyber Security Centre has commented on the issue, saying that is totally unacceptable that these issues are not being fixed by manufacturers.
In light of the security breaches that have occurred, the Digital Minister, Margot James, has introduced new legislation in order to protect users. Under this legislation, a labelling system will be introduced to tell the consumer exactly how secure a product is. Although initially this will be voluntary, eventually retailers would be barred from selling products if they did not adhere to the rules.
In order to gain a label and be released on the market, IoT products will have to:
- Come with unique parcels by default
- Clearly state how long security updates will be available for the product
- Offer a public point of contact to whom cyber-security vulnerabilities can be reported
A step forward
Cyber-security expert, Ken Munro, has described the legislation as a “positive step forward, helping to fix the mess that is consumer smart product security.” However, Mr Munro recently expressed that he still has a ‘wish list’ of steps for the UK to take in the future in order to ensure all IoT devices are as safe as possible.
For example, Mr Munro has argued that consumers should be able to return unsafe devices and that retailers should commit not to sell any device that could be vulnerable to an attack. He also argues that the government should pass laws, requiring companies to tighten IoT security.
Let us know your thoughts on IoT security in the comments below, or Tweet us at @Hyve!