British police official eyes security ratings for IoT-connected devices
This entry was posted on Tuesday, August 1st, 2017.
A British police official has suggested that televisions, fridges and other internet-connected home appliances should carry a cyber security score alongside energy efficiency ratings.
“Whenever you go into a store now you see fridges and its A down to F in terms of its energy efficiency. [Yet], where are the security ratings?” Durham chief constable Mike Barton, the national policing lead for crime operations, told the UK-based Guardian.
“You’ve got a situation where we don’t know what the security is like in the devices we are buying in the internet of things. It’s just not reported. And yet that is the most significant component of what it is you are buying.”
As Barton emphasizes, IoT devices are typically plugged into the same home network.
“[Essentially, this] is a back door into your network,” he added.
It should be noted that a wide range of vulnerable IoT devices have been exploited and used for nefarious purposes. For example, a new report by Darktrace (cited by BleepingComputer) confirms that smart drawing pads belonging to an architectural firm were compromised and used to carry out DDoS attacks as part of an IoT botnet, while a U.S. insurance company had its servers hijacked by a cryptocurrency miner. In addition, attackers managed to steal data from a casino by first accessing a smart fish tank located in the company.
Perhaps not surprisingly, IoT security has become top-of-mind for consumers across the globe in recent months. According to a new survey conducted by Irdeto, 90% of consumers polled from six different countries believe it is important that a connected device has security built into the product. Additionally, 78% of the 7,882 consumers surveyed indicated they are aware that any smart device connected to the Wi-Fi in their home has the potential to be targeted by a hacker, resulting in a cyberattack that could steal the personal data stored on the device.
As we’ve previously discussed on Rambus Press, some IoT device manufacturers currently view security as a zero-sum game, with liability, risks and high costs piling up no matter which way they turn. As such, the industry needs to understand the very real concerns of OEMs who are struggling to implement even the most basic levels of IoT security.
In practical terms, this means IoT security solutions should be affordable and ready out of the box. Additional layers of security, if needed, can be added based on a changing threat landscape. A complete and scalable security solution that covers the device and the cloud service is perhaps the most effective. This will allow OEMs to reduce their costs and time to market, while services can minimize in-field device setup, customization and maintenance.