The connectivity promised by the Internet of Things (IoT) is to be beefed up by mandatory security measures, according to new proposals by the UK government.
The measures appear to have been prompted by fears surrounding the targeting of sensitive, underprotected smart devices in households, compared to better-protected counterparts like smartphones and personal computers.
The UK's Department for Digital, Culture, Media and Sport (DCMS) released a statement this week naming three key measures that it is looking to impose on smart device manufacturers, which it believes will beef up default security levels significantly. These are:
- That consumer devices connected to the internet should all be shipped with unique passwords which cannot be factory reset to a shared default.
- That at the point of purchase, whether in-store or online, devices should carry an explicit statement indicating how long they will continue to receive security updates.
- That all manufacturers of IoT devices must provide a public-facing point of contact where people can report vulnerabilities in their devices, to ensure that these can be acted upon and fixed swiftly.
At this stage, the measures are only just being outlined. This is not a draft of a bill that the government will hope to pass. Rather, it seems to be a statement of intent.
That said, the statement from DCMS refers to the ideas as a "new law", and sets out that the legislation should be created as soon as possible, so it would seem reasonable to expect them to be enacted. This would represent an interesting change, one that might not affect the average consumer's user experience all that much, but could have a positive impact on security.
Privacy is, of course, under the spotlight at the moment, given stories swirling about the likes of Ring selling on user data, and concern over Sonos' u-turn on abandoning security support for older devices.