Lawmakers want to stop a future filled with smart devices and bad security

ronjor · Apr 30, 2019

By Alfred Ng April 30, 2019

Connected devices don't have any regulations requiring basic security measures, but that could be changing. In September, lawmakers in California passed the country's first internet of things security law, which requires "reasonable" features like ending default passwords on devices.
Click to expand...

guest · Jan 30, 2020

Why the UK is banning default passwords in IoT devices
January 27, 2020
https://tech.newstatesman.com/security/uk-banning-default-passwords

From washing machines and children’s toys to personal assistants, we are increasingly seeing more of our daily lives connected to the internet.
In fact, research suggests by 2025 there will be 75 billion internet connected devices in homes around the world.

However, the current security standards of many of these devices are low and the security and privacy risks are too great.
So today I’ve announced we are developing new legislation to hold firms manufacturing and stocking internet-connected devices to account to stop hackers threatening people’s privacy and safety.

These measures will mean all the passwords pre-programmed in internet-connected devices must be unique and not resettable to any universal factory setting.
Click to expand...

guest · Jan 30, 2020

mood said: ↑

Why the UK is banning default passwords in IoT devices
January 27, 2020
Click to expand...

IoT laws are coming: What to expect
No more default logins on new IoT devices if UK legislators get their way
January 30, 2020
https://www.welivesecurity.com/2020/01/30/iot-laws-are-coming-what-to-expect/

[...] IoT developers have been slow to adopt. Lawmakers in California took some notice in 2018, and now it seems that legislators in the United Kingdom want to take things to the next level, too.
While it’s unclear whether the proposed legislation will be adopted, UK MP’s have this to say: [...]

Setting a lifespan for firmware updates certainly does cost more since companies would be paying to support firmware that would no longer directly result in revenue.
It’s unclear whether customers understand the importance of knowing the support lifespan until it lapses years later and vulnerabilities are then discovered.

Everyone knows someone with a 5- or 10-year-old home router, for which support has long since lapsed while the device itself is still actively in use.
And that’s the problem.
Click to expand...

One more thing: the UK lawmakers seek to compel companies to maintain a security point-of-contact, something that’s all-but-impossible to find today, especially in smaller companies.
Click to expand...

Minimalist · Mar 3, 2020

Singapore to introduce security label for smart home devices

Singapore is planning to introduce a Cybersecurity Labelling Scheme for home routers and smart home hubs as part of efforts to increase awareness about using secured products. It also hopes the initiative will push manufacturers to deploy enhanced cybersecurity measures and will be looking to mandate a set of minimum security requirements for home routers.
Click to expand...

https://www.zdnet.com/article/singapore-to-introduce-security-label-for-smart-home-devices/

guest · Jul 17, 2020

Insecure IoT devices could be banned and destroyed if they fail to meet UK security standards
July 17, 2020
https://www.bitdefender.com/box/blo...ed-destroyed-fail-meet-uk-security-standards/

IoT devices could be banned from sale and destroyed if they fail to meet basic security standards, according to proposals put forward by the UK Government.

The UK Government Department for Digital, Culture, Media and Sport (DCMS) has published proposals for a new law designed to protect purchasers of so-called “smart devices” from cybercriminals.
Working with the National Cyber Security Centre (NCSC), the DCMS has detailed three key requirements that it wants IoT device manufacturers to follow – and the potential penalties it is prepared to mete out if they are not met.
Click to expand...

Ban universal default passwords in consumer smart products
On too many occasions we have seen botnets recruit millions of unsecured IoT devices simply because they are using a default password that owners either have not changed or did not know how to change.
Implement a means to manage reports of vulnerabilities
The DCMS proposal says it is essential for manufacturers of consumer IoT products to provide a “transparent route for external parties to report vulnerabilities and receive useful feedback.”
Provide transparency on for how long, at a minimum, the product will receive security updates
Knowing the minimum period of time for which a product will receive security updates helps the consumer make an informed choice about which IoT device to purchase.
Click to expand...

guest · Oct 16, 2020

Minimalist said: ↑

Singapore to introduce security label for smart home devices

https://www.zdnet.com/article/singapore-to-introduce-security-label-for-smart-home-devices/
Click to expand...

Singapore Launches IoT Cybersecurity Labelling
Labels Will Indicate What Security Standards Products Meet
October 16, 2020
https://www.inforisktoday.com/singapore-launches-iot-cybersecurity-labelling-a-15187

Singapore has launched an IoT cybersecurity labelling program intended to improve the security of internet-connected consumer products.

The Cybersecurity Labelling Scheme will focus first on Wi-Fi routers and smart home hubs, according to the Cyber Security Agency of Singapore.

"Amid the growth in number of IoT products in the market, and in view of the short time-to-market and quick obsolescence, many consumer IoT products have been designed to optimize functionality and cost over security," the Cyber Security Agency says.
"As a result, many devices are being sold with poor cybersecurity provisions, with little to no security features built-in."
Click to expand...

Four Testing Levels
Singapore's program is voluntary for manufacturers for now, but the nation intends eventually to make it mandatory.
The label is valid for up to three years as long as a company continues to deliver security updates
Click to expand...

Log in or Sign up

Lawmakers want to stop a future filled with smart devices and bad security

ronjor Global Moderator

guest Guest

guest Guest

Minimalist Registered Member

guest Guest

guest Guest

Log in or Sign up

Lawmakers want to stop a future filled with smart devices and bad security

ronjor Global Moderator

guest Guest

guest Guest

Minimalist Registered Member

guest Guest

guest Guest

Useful Searches