The digital explosion, the consumerization of technology and the world of internet-connected fridges lead to a range of security and privacy risks.
A lot of work has been done in this space; for example, there is the Code of Practice for Consumer IoT Security:
https://www.gov.uk/government/news/new-cyber-laws-to-protect-peoples-personal-tech-from-hackers
The Code of Practice for Consumer IoT Security (2018) gives the following guidance, which has a focus across the supply chain from provider to consumer:
- No default passwords
- Implement a vulnerability disclosure policy
- Keep software updated
- Securely store credentials and security-sensitive data
- Communicate securely
- Minimise exposed attack surfaces
- Ensure software integrity
- Ensure that personal data is protected
- Make systems resilient to outages
- Monitor system telemetry data
- Make it easy for consumers to delete personal data
- Make installation and maintenance of devices easy
- Validate input data
On top of this I’d give this advice for consumers:
- Consider the vendor
- Consider the purpose of the device
- Consider if you are happy with the risk-to-reward ratio
- Connect IoT devices to guest Wi-Fi networks (that are 802.11x isolated) (contact your ISP for help if you need to)
- Do not re-use passwords
- Consider using email aliases for usernames
- Ensure devices are up to date
As with all things in life, there is a matter of choice. Consumers should be aware of the risks, and that requires education and awareness, but we should most certainly not be putting the heavy burden onto consumers; it should be on suppliers. Luckily there’s a lot of good happening in this space in the UK, Europe and beyond!
References
https://iasme.co.uk/iot-consumer-advice/
https://www.gov.uk/government/news/new-cyber-laws-to-protect-peoples-personal-tech-from-hackers
https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf