
EU security body calls for a security trust mark for IoT devices

Graham CLULEY

May 24, 2017


For all the excitement and buzz around the Internet of Things, spurred on by connected gadgets being sold in great numbers both online and on the high street, there is no denying that it has a serious problem.

And the problem is that often IoT devices are found to be lacking when it comes to security and protecting their owners’ privacy.

As we have often documented on this blog, time after time vulnerabilities are found in IoT devices, giving hackers an opportunity to spy on unsuspecting users, steal information, or even hijack gadgets to perform internet attacks on others.

Take, for instance, the millions of IP cameras and routers that have been hijacked into botnets in recent months to launch devastating denial-of-service attacks against innocent websites.

A failure to build security and privacy into a device from the outset has resulted in devices leaking information or leaving open backdoors through which malicious hackers can sneak into owners’ private lives.

With an estimated 20-50 billion connected devices expected to hit the market by 2020, this isn’t a problem that’s going to be going away any time soon.

As more and more internet-enabled devices enter the home, developed by a wide variety of vendors who often exhibit little to no understanding of security issues, it’s clear that there’s a burning need to promote best practices more widely.

Enter ENISA, the EU Agency for Network and Information Security, which has produced a paper calling for internet-connected devices sold in Europe to carry a trust label which could help consumers make wiser purchasing decisions.

Such a label would work like the CE mark (the letters “CE” are the abbreviation of the French phrase “Conformité Européenne”), used across Europe to signify electronic devices that have reached specific standards.

A similar system is in place in the United States, which uses the FCC mark for electronic products.

If ENISA gets its way, we might begin to see devices that have reached at least a minimum standard for security granted a label of conformity.

As an ENISA proposal explains:

Currently there is no basic level, no level zero defined for the security and privacy of connected and smart devices. There are also no legal guidelines for trust of IoT devices and services and no precautionary requirements in place. This is why we recommend effective baseline requirements for security and privacy in the networked architecture and value chain as a whole: from simple IoT devices up to complex IoT systems like connected cars and factories. Stakeholders need an equal and level playing field to implement trust into connected devices and services.

With so many IoT devices failing so badly at security and privacy, I can’t help but welcome any attempt to improve standards.

But what does worry me is that standards can get out-of-date rapidly in the world of infosecurity – and there is a danger that some manufacturers would view any “IoT trust mark” as a tick box that – once achieved – can then be ignored.

Standards like those proposed by ENISA should be viewed as a starting point, not a finishing line, and woe betide any vendor who cuts corners with their customers’ security and privacy in an attempt to save money or make their product’s design simpler.
