The UK government is finally getting tough on the makers of internet-connected smart TVs, cameras, and smart home devices.
Now manufacturers will be expected to build in uncrackable security measures that should last the lifetime of the device.
The call comes after repeated stories highlighting how easily digital assistants like Amazon’s Alexa can be hacked, and how an entire home full of smart devices could be taken over and used for nefarious purposes.
Hacking your house is easy
The government has been slow to act and even slower to legislate, so other agencies have had to lead the warning charge to stop homes getting hacked.
University researchers claimed to be able to mug an Alexa with a high-frequency device costing just $4.
Then Which? revealed how popular smart toys could easily be taken over remotely and used to spy on children, while Durham police called for smart fridges to come with security ratings last year over fears they could be compromised.
Because these devices will be linked to a family’s bank account to re-order shopping, there’s potential for big losses if the security keys fall into the wrong hands.
And when a man found his Alexa had wrongly ordered cat food because a TV advert told the machine to do it, it’s unsurprising people are getting nervous.
Manufacturers will have to collaborate with the UK’s National Cyber Security Centre (NCSC) to embed security in the design process rather than as an afterthought.
We want everyone to benefit from the huge potential of internet-connected devices and it is important they are safe and have a positive impact on people’s lives.
We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed.
This will help ensure that we have the right rules and frameworks in place to protect individuals and that the UK continues to be a world-leading, innovation-friendly digital economy.- Margot James MP: Minister for Digital and Creative Industries
Among the steps for manufacturers, service providers and developers, the NCSC report encourages them to make sure all passwords on new devices and products are unique and not resettable to factory defaults.
- Companies should have a vulnerability policy and public point of contact so reporting an issue is straightforward and acted on immediately.
- All sensitive data should be encrypted, and software updated automatically.
- Make it easy for consumers to delete personal data.
- Make sure installation and maintenance of devices are straightforward.
With connected devices becoming increasingly popular, it’s vital that consumers are not exposed to the risk of cyberattacks through products that are vulnerable through manufacturers’ poor design and production.
Companies must ensure that the safety of their customers is the absolute priority when ‘smart’ products are designed. If strong security standards are not already in place when these products hit the shelves, then they should not be sold.- Alex Neill: Managing Director of Home Products and Services, Which?
While the crux of the report is aimed at manufacturers there are also vital tips for us consumers.
We should always research the security of a product before buying it.
Check all available security settings and if there is a two-step authentication option then use it.
Always check your home router does not have a default password or username and change any default passwords found in devices.
And regularly check the manufacturers’ website if there are any updates available.