IOT Cyber Assurance

What to look for when buying a connected device

Besides computers, laptops, tablets and mobile phones, do you have other objects in your home that connect to the internet? Examples might be a printer, speakers, home appliances, the TV, security cameras and lights. These ‘connected’ devices are collectively known as the ‘internet of things’ (IoT) and they enable you to control their functions from an app on your phone or tablet. In the case of a smart TV, the device can access resources from the internet such as streaming services.
If you can access your smart device online, there is the possibility that other people can also access it. This raises security and privacy questions.

The Product Security and Telecommunications Infrastructure Act 2022 has come into UK law. The first part of which will help ensure that all consumer smart products have good security to protect against threats from the internet.

IoT security threats can include the theft of personal data, the invasion of privacy, or the hijacking of connected device for uses that they were not intended.

  • Consumer IoT devices will not be allowed to have universal default passwords.

This rule will immediately make it harder for criminals to hack into connected devices.

  • Consumer IoT devices will have to have a vulnerability disclosure policy.

This means that any faults that are discovered in the software (which could be used by a criminal to access the device) after the product is in use, can be addressed in an organised way.

  • Consumer IoT devices will need to disclose how long they will receive software updates for.

This means that software updates are created and released to maintain the security of the device throughout its declared lifespan.

When the IASME IoT Cyber scheme badge is displayed on a device, it reassures the end user that the device they are using is compliant with best practice security measures and has been designed to align with UK legislation and standards. These measures will help keep personal data secure when the device is in use.