New laws for IoT1 min read

Under proposed new laws, the internet of things (IoT) would have to be made significantly more secure. The move comes in the wake of vulnerabilities found in a range of products from toy dolls to internet-connected ovens. The new laws would mean that such devices would have to come with unique passwords, among other precautions.

According to Gartner,the analysts, by the end of this year there will be 14.2 billion internet-connected devices in use worldwide. These include connected TVs, smart speakers and home appliances with internet connectivity. Typically cyber-attackers hack them in order to steal personal data, spy on users or remotely take control of devices to otherwise misuse them.

Labelling system

Launched by Digital Minister Margot James, the proposed legislation, would also introduce a new labelling system to tell customers how secure an IoT product is. Retailers would eventually be barred from selling products without the labels although initially the scheme would be voluntary.

To gain a label and enter the market, IoT devices would have to:
• come with unique passwords by default
• state clearly for how long security updates would be made available
• offer a public point of contact to whom any cyber-security vulnerabilities may be disclosed

The proposed laws follow a voluntary code of practice for IoT manufacturers that was published in the UK last year.

“Serious security problems in consumer IoT devices, such as pre-set unchangeable passwords, continue to be discovered – and it’s unacceptable that these are not being fixed by manufacturers,” said the technical director of the UK’s National Cyber Security Centre (NCSC), Ian Levy.

Find out more.