2 min read

EU security body calls for a security trust mark for IoT devices

Graham CLULEY

May 24, 2017

EU security body calls for a security trust mark for IoT devices

For all the excitement and buzz around the Internet of Things, spurred on by connected gadgets being sold in great numbers both online and on the high street, there is no denying that it has a serious problem.

And the problem is that often IoT devices are found to be lacking when it comes to security and protecting their owners’ privacy.

As we have often documented on this blog, time after time vulnerabilities are found in IoT devices giving hackers an opportunity to spy on unsuspecting users, steal information, or even hijack gadgets to perform internet attacks on others.

Take, for instance, the millions of IP cameras and routers that have been hijacked into botnets in recent months to launch devastating denial-of-service attacks against innocent websites.

A failure to build security and privacy into a device from the outset has resulted in devices leaking information or leaving open backdoors through which malicious hackers can sneak into owners’ private lives.

With an estimated 20-50 billion connected devices expected to hit the market by 2020, this isn’t a problem that’s going to be going away any time soon.

As more and more internet-enabled devices enter the home, developed by a wide variety of vendors who often exhibit little to no understanding of security issues, it’s clear that there’s a burning need to promote best practices more widely.

Enter ENISA, the EU Agency for Network and Information Security, which has produced a paper calling for internet connected devices sold in Europe to carry a trust label which could help consumers make wiser purchasing decisions.

Such a label would work like the CE mark (The letters “CE” are the abbreviation of French phrase “Conformité Européene”), used across Europe to signify electronic devices that have reached specific standards.

A similar system is in place in the United States, which uses the FCC mark for electronic products.

If ENISA gets its way, we might begin to see devices that have reached at least a minimum standard for security, granted a label of conformity.

As an ENISA proposal explains:

Currently there is no basic level, no level zero defined for the security and privacy of connected and smart devices. There are also no legal guidelines for trust of IoT devices and services and no precautionary requirements in place. This is why we recommend effective baseline requirements for security and privacy in the networked architecture and value chain as a whole: from simple IoT devices up to complex IoT systems like connected cars and factories. Stakeholders need an equal and level playing field to implement trust into connected devices and services.

With so many IoT devices failing so badly at security and privacy, I can’t help but welcome any attempt to improve standards.

But what does worry me is that standards can get out-of-date rapidly in the world of infosecurity – and there is a danger that some manufacturers would view any “IoT trust mark” as a tick box that – once achieved – can then be ignored.

Standards like those proposed by ENISA should be viewed as a starting point, not a finishing line, and woe betide any vendor who cuts corners with their customers’ security and privacy in an attempt to save money or make their product’s design simpler.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

New Malware Campaign Targets Linux and Web Apps to Install Crypto-Mining Software New Malware Campaign Targets Linux and Web Apps to Install Crypto-Mining Software
Silviu STAHIE

September 23, 2021

1 min read
What Is a VPN, How Does It Protect Me, and What Cool Perks Does it Offer? What Is a VPN, How Does It Protect Me, and What Cool Perks Does it Offer?
Filip TRUȚĂ

September 23, 2021

2 min read
Security Researcher Publishes Lock Screen Bypass for iOS 15 on Launch Day Security Researcher Publishes Lock Screen Bypass for iOS 15 on Launch Day
Silviu STAHIE

September 22, 2021

1 min read