Security for smart home technology found in millions of homes is due to be beefed up for consumers.
Manufacturers of gadgets from routers to smart televisions will have to make sure their devices defeat hackers for the lifetime of the product.
In the UK alone, the new security rules are expected to cover more than 420 million devices by 2020.
Experts say poor device security leaves a technology back door open for hackers to exploit home networks and for the theft of private data.
They cite recent security scares involving CCTV, toys and smart watches.
Embedded solutions
The UK’s National Cyber Security Centre wants technology firms to embed security into their devices rather than bolt-on solutions.
Margot James, Minister for Digital and the Creative Industries, said: “We want everyone to benefit from the huge potential of internet-connected devices and it is important they are safe and have a positive impact on people’s lives.
“We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed.
“This will help ensure that we have the right rules and frameworks in place to protect individuals and that the UK continues to be a world-leading, innovation-friendly digital economy.”
Code for tech firms
A code for manufacturers covers six key points:
- All passwords on new devices should be unique and not resettable to a factory default, such as ‘admin’
- Companies should have a vulnerability policy and public point of contact, so security researchers and others can report issues for immediate action
- Sensitive data transmitted over apps or products must be encrypted
- Software is automatically updated with clear guidance for customers
- Consumers should easily be able to delete personal data on devices and products;
- Installation and maintenance of devices is easy
NCSC Technical Director Dr Ian Levy said: “The NCSC is committed to ensuring the UK has the best security it can, and stop people being expected to make impossible safety judgements with no useful information.
“Shoppers should be given high quality information to make choices at the counter. We manage it with fat content of food and this is the start of doing the same for the cyber security of technology products.”
>