UK government ups security protection for IoT devices

null

IoT-connected devices will need to ensure they measure up to basic security standards under new rules being proposed by the UK government.

Guidelines revealed today will mean that manufacturers will need to make smart devices such as TVs, routers and even children's toys conform to a new 'Secure By Design' protocol.

Products will soon need to carry a security label informing users how secure their IoT devices are, and warn about possible hacking risks. The scheme will be voluntary to begin with, but ultimately will widen to become mandatory, with non-conforming companies facing fines or even bans.

The labels will need to communictate three basic security rules, including that device passwords will need to be unique and not resettable to any universal factory setting.

Manufacturers will also need to provide a public point of contact as part of a vulnerability disclosure policy, and will have to explicitly state the minimum length of time for which the device will receive security updates through an end of life policy. 

"These new proposals will help to improve the safety of Internet connected devices and is another milestone in our bid to be a global leader in online safety," Digital Minister Margot James said.

The rules will now enter a consultation period, but if passed, could come into law soon.

"Serious security problems in consumer IoT devices, such as pre-set unchangeable passwords, continue to be discovered and it’s unacceptable that these are not being fixed by manufacturers," said National Cyber Security Centre (NCSC) Technical Director Dr Ian Levy.

"This innovative labelling scheme is good news for consumers, empowering them to make informed decisions about the technology they are bringing into their homes."