Government calls for revamp in IoT security; will manufacturers listen?
WWT's Matthew Berry comments on the UK government's recent announcement about its intent to create focus on IoT security.
Posted by SC Magazine UK on March 7, 2018:
Amid rising concerns about the security of IoT devices, the government today announced its intent to make manufacturers of IoT devices responsible for the security of their products, while also proposing new rules to ensure that buyers are aware of security features in such devices at the time of purchase.
Even though the adoption rate of IoT devices in the UK has been quite healthy, if not the fastest in the world, the IoT industry is still beset with several critical issues as far as the security around such devices is concerned.
While security researchers have, time and again, exposed glaring vulnerabilities in a large number of such devices that could compromise the security and privacy of consumers, manufacturers of such devices have shown little concern towards improving product security, while continuing to churning out a large number of IoT devices.
Having taken note of such concerns, the government today announced new measures to ensure that IoT devices will not only be 'secure by design', but also to ensure that buyers of IoT devices will be able to make informed decisions while purchasing new devices which might promise great new features but may contain critical security flaws at the same time.
"Poorly secured devices threaten individuals' online security, privacy, safety, and could be exploited as part of large-scale cyber attacks. Recent high-profile breaches putting people's data and security at risk include attacks on smart watches, CCTV cameras and children's dolls," it said.
Are consumers serious about their own security?
Matthew Berry, from the Global Security Practice at World Wide Technology, says that the problem is more about the seriousness of consumers, or lack of it, about the security of their IoT devices.
"Think about the typical consumer who purchases an IoT device and exposes it to the Internet. They are not likely to visit the vendor's site to look for security updates. Even if an update is made available it's not likely to be installed," he laments.