The government has issued a new set of rules for IoT devices in order to make them more secure and easier to update.
The new code of practice for IoT device makers is called Secure by Design and it has been launched by the DCMS and NCSC. It is based on the advice of security experts, consumer organisations, academia and the industry.
One of the guidelines states that default usernames and passwords should be eliminated from the design altogether. This removes an easy route by which even an amateur hacker could compromise these devices without any real effort.
Another recommends that manufacturers have a cybersecurity vulnerability disclosure policy in place. In other words, vulnerabilities should be reported and then acted upon, with a patch provided as soon as possible.
Moreover, IoT devices should be designed so that consumers can maintain them easily without compromising their inherent security. Any data held on these devices should be stored securely, and users should have the option of deleting it at any time.
There are 13 recommendations in total, the implementation of which should help keep the users safe and GDPR compliant.
Hopefully, manufacturers will take these recommendations to heart. Currently, only two manufacturers have made a public pledge to follow them, namely Centrica Hive and HP. Although the recommendations are not compulsory, product makers who choose to ignore them put not only themselves but also their users at risk from hackers.