There is a new cybersecurity standard: IoT device manufacturers need to stop using default passwords and allow for software updates. The question is, are they willing to listen?
Additionally, no sensitive personal data should ever be stored on IoT devices without some form of encryption or other cybersecurity measures, and the consumers must have an easy way to delete data from these devices at any time.
Various IoT devices are gradually entering our lives, including industrial control systems and children’s toys. The problem is, however, that they have been found to be vulnerable to hackers, and this is an industry-wide problem.
The new cybersecurity standards were set by the UK government’s Department for Culture Media and Sport, with the aim of improving the resilience of connected devices and protecting less educated consumers. The core idea is to redirect the burden of having to make them more secure away from the end-users and making them more secure by design.
In total, the government presented 13 guidelines for the manufacturers to follow, with ‘no default passwords’ being at the very top of the list.
Some of the other guidelines touched upon the principles of securely storing the credentials and the manufacturers having to be transparent in terms of how the user data is being used, as well as for what purposes and by whom.
Following these guidelines is not mandatory by law, but the government issued a warning that if they are disregarded by the manufacturers, this might very well change in the future.