Here's how consumers, legislators and vendors can each do their part
By any measure, connected devices are going to play prominent roles in our future lives. They’ll be everywhere – connecting items in our homes, our workplaces, our cars and our public buildings to the web, tracking usage and offering instant access to information and services. Some estimates say IoT connections will triple in just six years, up to 75 billion by 2025.
But, for connected devices to reach their full potential, everyone with a stake in their success will have to ensure that these devices are secure. There’s already plenty of concern about information leaks and compromises to IoT-enabled systems. According to one report, a third of respondents (28%) who haven’t yet purchased a smart device said they wouldn’t buy one due to privacy and security misgivings. Consumers will grow more anxious in the future – if security concerns aren’t addressed.
Further reading: Make sure your in-home IoT is secure
Legislation will need to do its part. Some initiatives are already happening, spurred on by the EU’s GDPR’s worldwide blueprint for new privacy legislation. But other initiatives will have to fall in behind.
California’s cybersecurity bill, the Security of Connected Devices, became law in January 2020. While its requirement on passwords is praised, the rest of the law is considered weak. The law requires that each new device be made with a unique password, requiring a user to “generate a new means of authentication before access is granted to the device for the first time.” That’s a start. The further requirement that each device has “reasonable” and “appropriate” security features is open to interpretation.
A second law, being debated in the UK, requires that manufacturers do three things: institute unique passwords (not resettable to universal factory settings), provide a public point of contact so that anyone can report a flaw and expect timely response, and explicitly state the minimum length of time for which devices will receive security updates at the point of sale.
“Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety,” Matt Warman, U.K. Minister for Digital and Broadband, said in a statement. “It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”
Security safeguards from just a few key vendors could pave the way for a more secure future for connected devices. For example, Amazon and Google account for over 90% of voice assistant devices globally. Game consoles are dominated by three major players (Microsoft, Sony, Nintendo) in almost every region across the world.
Amazon, for one, is taking positive steps, requiring companies that integrate with the Alexa voice assistant to implement a range of security features. Others need to follow suit.
While manufacturers and governments have their mandates, consumers also need to take steps to protect their connected devices, now and in the future. Here are a few recommendations.
Connected devices are currently a big security issue, as National Cybersecurity Awareness Month comes to a close. However, you can expect continued coverage of this topic well into the future.
Reviewing Tanya Janca's "Alice and Bob Learn Application Security", which is both a crash course in app security for newbies as well as a refresher for those that have been doing the job for a few years.
Learn how to locate and turn off the Significant Locations tracking system service on iPhone, as well as how to delete the old data stored in your device.