Stickers emerge as EU's weapon against dud IoT security

Whitegoods-inspired security rating scheme under discussion


The European Commission is readying a push to get companies to produce labels that reveal the security baked into internet-of-things things.

The labelling effort is part of a broader push to drive companies to better handle security controls and privacy data in the notoriously insecure and leaky devices.

Deputy head of cabinet Thibault Kleiner told Euractiv the Commission may push companies to develop labelling for secure internet-of-things devices.

The stickers plan is modelled on labels applied to white goods and other domestic appliances, as consumers apparently understand this kind of labelling.

The Commission will have a mammoth task ahead of it because internet-of-things things are notoriously insecure. The world's sloppiest security appears time and again inside things, with flaws like missing and default passwords common while web servers are often left in parlous states that allow remote code execution and worse.

The risk posed by sloppily-secured things was demonstrated neatly by a recent DDoS attack, rated the world's largest to date, which emerged from a large internet-of-things botnet.

By the time the EC gets its stickers sorted, millions of badly-secured devices will already be in circulation. Perhaps an effort to explain firmware upgrades to lay-people is also needed. ®
