Hi-tech ovens, children’s smartwatches, even dolls are some of the connected products which have been proven to have major security flaws, enabling them to be controlled remotely by malicious operators.
New legislation designed to shore up protection may force such items to have their own unique password that users would have to key in before the gadgets can be activated.
According to Gartner, the number of devices connected to the Internet of Things is set to hit 14.2 billion worldwide by the end of this year. While praised for their convenience and hi-tech capability, such products also carry a security risk as they can be targeted by cyber-criminals intent on stealing private data. Connected cameras can be taken over to spy on their owners, and devices can be generally misused or disrupted, posing considerable risk to the data protection and privacy rights of consumers.
The new laws, which have been launched by Digital Minister, Margot James, would also oblige manufacturers to install a new labelling system on IoT products to clearly inform consumers of the product’s safety levels. While the scheme would initially be voluntary, retailers would eventually be stopped from storing products that do not have the proper labelling in place.
In order to obtain a label and qualify for sale, IoT devices would have to come with unique passwords, say how long security updates would be available for the product, and provide contact details of a service to which security flaws could be reported.
The proposed laws build on a voluntary code of practice for IoT product makers that was released in Britain in 2018. These latest legal measures are, Ms James says, part of Britain’s drive to be a “global leader in online safety.”
Technical director at the UK’s National Cyber Security Centre (NCSC), Ian Levy, said:
“Serious security problems in consumer IOT devices, such as pre-set unchangeable passwords, continue to be discovered – and it’s unacceptable that these are not being fixed by manufacturers.”
Speaking to BBC News, cyber-security leader, Ken Munro described the laws as a “positive step forward, helping to fix the mess that is consumer smart product security”.
“It’s important that government doesn’t allow the proposed regulation to be watered down during consultation. The proposals are limited, but a good start. I’m particularly pleased to see product security labelling being proposed, so that buyers can make informed decisions,” he added.