The UK government is finally getting tough on the makers of internet-connected smart TVs, cameras, and smart home devices.
Now manufacturers will be expected to build in uncrackable security measures that should last the lifetime of the device.
The call comes after repeated stories highlighting how easily digital assistants like Amazon’s Alexa can be hacked, and how an entire home full of smart devices could be taken over and used for nefarious purposes.
Hacking your house is easy
The government has been slow to act and even slower to legislate, so other agencies have had to lead the warning charge to stop homes getting hacked.
University researchers claimed to be able to mug an Alexa with a high-frequency device costing just $4.
Then Which? revealed how popular smart toys could easily be taken over remotely and used to spy on children, while Durham police called for smart fridges to come with security ratings last year over fears they could be compromised.
Because these devices will be linked to a family’s bank account to re-order shopping, there’s potential for big losses if the security keys fall into the wrong hands.
And when a man found his Alexa had wrongly ordered cat food because a TV advert told the machine to do it, it’s unsurprising people are getting nervous.
Manufacturers will have to collaborate with the UK’s National Cyber Security Centre (NCSC) to embed security in the design process rather than as an afterthought.
Among the steps for manufacturers, service providers and developers, the NCSC report encourages them to make sure all passwords on new devices and products are unique and not resettable to factory defaults.
- Companies should have a vulnerability policy and public point of contact so reporting an issue is straightforward and acted on immediately.
- All sensitive data should be encrypted, and software updated automatically.
- Make it easy for consumers to delete personal data.
- Make sure installation and maintenance of devices are straightforward.
While the crux of the report is aimed at manufacturers there are also vital tips for us consumers.
We should always research the security of a product before buying it.
Check all available security settings and if there is a two-step authentication option then use it.
Always check your home router does not have a default password or username and change any default passwords found in devices.
And regularly check the manufacturers’ website if there are any updates available.