IoT security? We've heard of it, says waving new regs

Department of Fun straps on a holster, strides into the wild west of online gadget users

The British government has finally woken up to the relatively lax security of IoT devices, and is lurching forward with legislation to make gadgets connected to the web more secure.

The Department of Digital, Culture, Media and Sport said it will require makers of IoT hardware to ship devices with unique passwords that cannot be reset to a factory default setting.

The regulation will also require these companies to "explicitly state" how long they will continue to support devices when customers purchase the product, and appoint someone – one throat to choke – to act as a point of contact so that punters can more easily report issues.

"Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people's privacy and safety," Digital Minister Matt Warman – a former Telegraph hack – said in a statement. "It will mean robust security standards are built in from the design stage and not bolted on as an afterthought."

The regulation is a belated step in the right direction, some in the infosec community told us. "The results of the consultation show strong support for regulation of the wild west that is IoT security," said Ken Munro, a security researcher at infosec firm Pen Test Partners. "Next, the government needs to step up and legislate quickly to protect us from those smart device vendors who don't treat our privacy and security with the respect they should do."

But others, such as Jason Nurse, an assistant professor in cybersecurity at the University of Kent, worry how effective the regulations will be in practice. "If manufacturers require consumers to set up new passwords at product installation, these individuals will need to manage these passwords for each connected device," he told us.

"This could significantly increase the number of passwords the average household has to manage – and there are also questions about what happens when such passwords are forgotten or misplaced."

Smart devices have become a booming part of consumer electronics in recent years. But experts have warned that many devices are vulnerable to hackers and eavesdropping. In December, hackers were able to infiltrate the bedroom of an eight-year-old child via a Ring home security camera installed in her bedroom. The Amazon-owned company unveiled new privacy features at CES earlier this month. ®
