A new certification scheme has been launched to verify IoT cybersecurity standards for smart devices.
Open to startups and smaller companies, the programme will certify that the smart products they offer meet cybersecurity standards. This will also help reassure consumers that their IoT devices are secure.
The IoT Security Assured scheme was developed by cybersecurity certification group IASME and backed by a UK Government grant.
Devices that are certified as part of the scheme will display a logo to reassure consumers that their device meets these basic security requirements.
In addition, the government will create a new law to enforce security requirements on smart devices. These will include requiring customers to be informed at the point of sale the duration of time for which a smart device will receive security software updates.
The law will ban manufacturers from using universal default passwords, such as ‘password’ or ‘admin’, that are often preset in a device’s factory settings and are easily guessable. Manufacturers will also be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.
Digital Infrastructure Minister Matt Warman said: “Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.
“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.
“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”
- Digital Energy 2021 | Meeting challenges old and new
- YouTube | Marking the rise of a social media behemoth
- Scottish Tech Army officially unveils inaugural tech for good summit
A December 2020 report from the UK Government noted that the average household has bought two new smart devices since the start of the pandemic.
While the most commonly owned devices include smartphones, laptops and tablets, a significant number also internet-connected devices like routers, smart TVs, and games consoles.
Personal assistants have also seen growth since the start of the pandemic, with 10% of households adding one since the pandemic. However, all these devices are potentially vulnerable to cyberattacks.
Recent research from consumer group Which? warned that a third of people kept their last phone for four years, while some brands only offer security updates for a little over two years.
National Cyber Security Centre Technical Director Dr Ian Levy said: “Consumers are increasingly reliant on connected products at work and at home. The Covid-19 pandemic has only accelerated this trend and while manufacturers of these devices are improving security practices gradually, it is not yet good enough.”