New Law Proposed to Secure Internet of Things Devices
Digital Minister Margot James has launched new legislation to address serious cybersecurity flaws in consumer Internet of Things (IoT) devices.
In a move to better protect consumers, a potential law has been put forward that could help ensure future IoT devices are more secure.
Internet connected devices have rapidly risen in popularity, but many of the devices coming to market are considered “easy targets” by hackers.
According to Gartner, by the end of 2019 there will be 14.2 billion internet-connected devices in use worldwide. From IoT fish tanks to children’s dolls, hackers have shown these devices can be hijacked and used by them to steal data, misuse the object or spy remotely on the owner.
The proposed legislation would see the introduction of a new labelling system that would inform consumers on how secure the device is.
Recommended: Top 5 Technology Trends for 2019
Digital Minister Margot James, who launched the legislation, said it would support the UK’s bid to be a “global leader in online safety”.
Initially the labelling scheme would be voluntary, but eventually retailers would be prohibited from selling IoT products without the labels.
For a device to qualify for a label it would need to;
- Come with unique passwords by default
- State clearly for how long security updates would be made available
- Offer a public point of contact to whom any cyber-security vulnerabilities may be disclosed
The new law follows the principles of the voluntary code of practice for IOT manufacturers that was published in the UK last year.
Technical director of the UK’s National Cyber Security Centre (NCSC), Ian Levy, said: “Serious security problems in consumer IOT devices, such as pre-set unchangeable passwords, continue to be discovered – and it’s unacceptable that these are not being fixed by manufacturers.”
Speaking to BBC News, cyber security expert Ken Munro, who has exposed a number of IoT security flaws, described the move as a “positive step forward, helping to fix the mess that is consumer smart product security”.
“It’s important that government doesn’t allow the proposed regulation to be watered down during consultation. The proposals are limited, but a good start,” he said.
“I’m particularly pleased to see product security labelling being proposed, so that buyers can make informed decisions.”