IOT

The digital explosion, the consumerization of technology and the world of internet connected fridges leads to a range of security and privacy risks.

There’s lots of work that’s occurred in this space, for example there is the : Code of Practice for Consumer IoT Security

https://www.gov.uk/government/news/new-cyber-laws-to-protect-peoples-personal-tech-from-hackers

The Code of Practice for Consumer IoT Security (2018) gives the following guidance which has focus across the supply chain from provider to consumer:

  1. No default passwords
  2. Implement a vulnerability disclosure policy
  3. Keep software updated
  4. Securely store credentials and security-sensitive data
  5. Communicate securely
  6. Minimise exposed attack surfaces
  7. Ensure software integrity
  8. Ensure that personal data is protected
  9. Make systems resilient to outages
  10. Monitor system telemetry data
  11. Make it easy for consumers to delete personal data
  12. Make installation and maintenance of devices easy
  13. Validate input data

On top of this I’d give this advice for consumers:

  • Consider the vendor
  • Consider the purpose of the device
  • Consider if you are happy with the risks to reward ratio
  • Connect IOT devices to guest WIFI networks (that are 802,11x isolated) (Contac your ISP for help if you need to)
  • Do not re-use passwords
  • Consider using email aliases for usernames
  • Ensure devices are up to date

With all things in life there is a matter of choice, consumers should be aware, that required, education and awareness, but we should most certainly not be putting the heavy burden onto the consumers and it should be on suppliers. Luckily there’s lots of good occurring in this space in the UK, Europe and beyond!

References

https://iasme.co.uk/iot-consumer-advice/

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/971440/Code_of_Practice_for_Consumer_IoT_Security_October_2018_V2.pdf

https://www.gov.uk/government/news/new-cyber-laws-to-protect-peoples-personal-tech-from-hackers

https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf