The UK government has outlined a new proposal that will force all smart TVs, smart tech and IoT products to carry a warning label telling consumers how easy they are to hack.
These products could be banned in the UK if they fail to tell consumers whether they meet basic security standards.
“Many consumer products that are connected to the internet are often found to be insecure, putting consumers’ privacy and security at risk,” said Digital Minister Margot James. “Our Code of Practice was the first step towards making sure that products have safety features built in from the design stage and not bolted on as an afterthought.”
David Emm, principal security researcher at Kaspersky Lab UK, commented on the news.
“We welcome the proposal to require companies marketing smart devices to comply with minimum security standards,” said Emm. “Smart versions of products that have never traditionally been connected, such as baby monitors and televisions, have been available to buy for some years now, while remaining vulnerable to cyber-attacks due to the failure of many companies to build in security at the design stage when developing smart devices.
“Having an industry standard requirement, that all connected products must adhere to, would make all items available to purchase much safer when used in homes across the country,” explained Emm.
“The labelling system that is proposed can only enhance this, allowing consumers to easily check if smart devices are compliant. This is a very positive step in making sure consumers are safeguarded, and much better equipped, than they have ever been before.
“For too long there has been a neglectful attitude towards customer protection, and with billions upon billions of connected devices operating every day around the world, it’s reassuring to see that action is finally being taken.”
David Orme, senior vice president at IDEX Biometrics, agrees that this is a step in the right direction, but says more needs to be done to protect consumers against hackers when using IoT devices.
“This is very much a short-term solution to what is becoming an increasingly urgent security problem and needs to reach beyond current security threats.
“In today’s rapidly advancing digital landscape, where more and more devices are being connected through IoT, a higher level of authentication is required to protect connected devices vulnerable to hackers and current limited security measures, such as passwords which are no longer enough on their own,” said Orme.
“Manufacturers of IoT devices must look to incorporate biometric fingerprint authentication, so device owners can be safe in the knowledge that any orders have been authenticated only by them, mitigating malicious intent.
“One way of doing so is for banks and IoT manufacturers to work together, to integrate NFC PoS systems into IoT devices, so users can simply present their biometric smart payment card to authenticate orders with their fingerprint.”
Orme explained: “Biometric data stored in this smart card is virtually impossible for criminals to hack or intercept, and impossible for anybody that isn’t the card owner to replicate. The only person who can authenticate an action, permission or transaction, where biometrics are involved, is the person whose fingerprint is held as a record on the device.”