United KINGDOM smart device rules “need more bite”

The BRITISH government has announced guidelines to make internet-connected devices safe to use after a series of security breaches.

It includes travel to make sure that the passwords are unique and programmable, factory default, and that the sensitive data transmitted via the application is encrypted.

But the guidelines are not binding, which has led some to question the effectiveness.

An expert has said that they would not stop “irresponsible” of the manufacturers.

As well as the strengthening of the guidance on passwords and recommended encryption, the Security of the government’s review of the proposed Design:

The device manufacturers have a point of contact so that security researchers can report the problems immediately
The software should be automatically updated with clear guidance for customers
It should be easy for consumers to delete personal data
Installation and maintenance should be easy for the consumer

The government estimates that each household in the UK owns at least 10 internet-connected devices – a number expected to grow to 15 by 2020.

In Germany there is a ban on the sale of smartwatches aimed at children, and the internet connected doll My Friend Cayla over fears that the two could act as spy devices.”Fast and loose”

Ken Munro, an analyst at the security firm Pen Test Partners, from the review: “This is a good start, but it lacks too much to be of much use.”

He said: “Responsible IoT (internet of things), the manufacturers are already addressing security. It is the irresponsible manufacturers who are not interested, do not care of our safety and security or who refuse to security for cost reasons that we need to worry about.

“Without teeth”, this standard is meaningless. The manufacturers who are already playing fast and loose with our safety to make money quickly we’re not going to change anything.”

Mr. Munro has also revealed that the proposed measures would not have prevented many of the recently reported violations of the security of smart devices, such as the Mirai botnet that used internet-connected devices such as CCTV cameras and printers in order to attack popular web sites.
Germany bans children smartwatches
Smart home devices used as weapons in the web site attack
How hackers can use the doll to open your front door

Margot James, minister of the digital and creative industries, said: “We want everyone to take advantage of the enormous potential of internet-connected devices, and it is important that they are safe and have a positive impact on the lives of the people.

“We have worked with the industry to develop a tough new set of rules to ensure that substantial security measures are integrated in all the days of the technology from the time it is developed.”

Dr. Ian Levy, of the National Cyber Security Center, who worked on the review, said he hoped that the guidelines could act as a “kitemark” for such goods.

Analysis: Rory Cellan-Jones, technology correspondent

To connected to the internet, the dolls, which can be learned to swear of webcams that can be hacked and has been engaged in a network of zombies, the dangers of this new world where everything is online are more obvious.

This is not so clear is whether the new voluntary code of conduct that will make all the difference.

The key word is voluntary. The kind of manufacturers that will sign a code are likely to be quite responsible already, but there are many others, whose only goal is to stack their insecurity products and sell them at low prices.

The new policy only works when online retailers refuse to stock products that do not comply with the code – even DCMS (Department, Digital, Culture, Media and Sport) can’t even tell if Amazon is involved in this initiative.

Still, the consumer group Which? supported the code as a good first step, the pleasure that there is at least an effort to define what makes a good product secure.

Now, there will be pressure to give him some teeth in amending consumer protection laws to deal with this new threat to our security.