What to look for when buying a connected device

Besides computers, laptops, tablets and mobile phones, do you have other objects in your home that connect to the internet? Examples might be a printer, speakers, the TV, security cameras and lights. These ‘connected’ devices are collectively known as the ‘internet of things’ (IoT) and they enable you to control their functions from an app on your phone or tablet. In the case of a smart TV, the device can access resources from the internet such as streaming services.
If you can access your smart device online, there is the possibility that other people can also access it. This raises security and privacy questions.
The UK Government is planning to introduce some new legislation that addresses the security of consumer IoT devices. These new laws will help protect us all from threats from the internet such as the theft of our personal data, the invasion of our privacy, or the hijacking of our device for uses that were not intended.
The new laws are expected to cover three main security features which are aligned with the top three requirements of the European Technical Standard for IoT Security.

  • Consumer IoT devices will not be allowed to have universal default passwords.

This rule will immediately make it harder for criminals to hack into connected devices.

  • Consumer IoT devices will have to have a vulnerability disclosure policy.

This means that any faults that are discovered in the software (which could be used by a criminal to access the device) after the product is in use, can be addressed in an organised way.

  • Consumer IoT devices will need to disclose how long they will receive software updates for.

This means that software updates are created and released to maintain the security of the device throughout its declared lifespan.

When the IoT Security Assured scheme badge is displayed on a device it reassures the end user that the device they are using is compliant with best practice security measures and has been designed to align with UK legislation and standards. These measures will help keep personal data secure when the device is in use.