UK government to increase security on IoT devices

UK government to increase security on IoT devices

In the future, it’s not just your laptop that will need a firewall: try your front door, mirror, refrigerator or any other Internet of Things (IoT) device in your home.

The UK government are proposing that all IoT-connected devices will need to measure up to basic security standards. The plans will help to protect all kinds of “smart” objects, including a new mandatory labelling scheme to identify IoT products that meet these new security measures.

The new code of practice for IoT devices will ensure that IoT device passwords are unique and cannot be reset to a factory setting, manufacturers of IoT products offer a public point of contact as part of their disclosure policy, and that they explicitly state the minimum length of time that a device will receive security updates through an end of life policy.

“Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk,” said Digital Minister Margot James. “Our Code of Practice was the first step towards making sure that products have security features built in from the design stage and not bolted on as an afterthought.”

What are the threats?

In November 2017, a report by Which found that four out of seven popular IoT toys could be hacked to allow strangers to manipulate built-in voice modules and communicate with children. However, it’s not just in the home that IoT poses a security risk.

Any connected device can be an entry point to personal data, whether that’s a car or a fitness tracking device. IoT is transforming not just our home lives though but all kinds of sectors: the impact that it’s had in the healthcare industry, for example, is sizeable, with advances in patient monitoring, automated drug dose delivery and equipment tracking all helping to make medical professionals’ jobs easier.

Security is a big problem in healthcare: manufacturers have recalled insulin pumps and pacemakers due to security issues in the past and healthcare apps contain plenty of sensitive information that’s an attractive target for cybercriminals. It’s possible for hackers not just to find details of your prescriptions, but steal a victim’s identity or resell information on the dark web.

Should a cybercriminal take control over IoT equipment directly, results could be deadly. In recent years, sinister reports have surfaced, telling of how cardiovascular imaging devices can be exploited with high-severity code execution flaws and vital signs monitors can be altered to simulate a flatline on a patient’s heartbeat.

Whether in a home, a hospital or an office, IoT devices offer gateways to secured networks. Malware and ransomware can find its way onto a network via any device that’s unprotected.

How can IoT security be improved?

Despite the sinister scenarios and strong warnings, IoT security can be bolstered. Though hackers are a worry when it comes to Bluetooth-connected devices, there are ways to ensure that you’re always one step ahead.

Most IoT devices don’t have a screen or keypad however to enter a password, so MFA is more suited to admin level than user level.

Multi-factor authentication (MFA) is one way that technology can beat password hackers. You may well be using it on your social media accounts already, but MFA sends an SMS code to your smartphone to authenticate your identity. Simply having a password is what’s known as “the knowledge factor”, which is why complex passwords are necessary. However, sometimes complexity isn’t enough to keep criminals at bay: MFA adds a layer of security on top with “the possession factor”. Having a physical smartphone on your person to keep your IoT device secure is akin to having a key to a safe, rather than just knowing the combination that opens it.

On top of this, there’s also “the inherent factor”. This is any kind of biometric detail like fingerprints, retina scans or voice recognition. Ideally, MFA needs to be simple and convenient for users. Most IoT devices don’t have a screen or keypad however to enter a password, so MFA is more suited to admin level than user level.

Ideally, an IoT device should have different security levels for if it’s used for access or authentication. Data encryption and intrusion prevention systems are also viable ways to stay secure though. Encoding electronic health records, for example, could avoid hacking of sensitive information that’s left in storage, while intrusion prevention systems can identify and block unauthorised connections to your network.

The Use of Blockchain

More and more technology is adopting blockchain to secure data. Blockchain is seen as the perfect advanced security solution for many, as it induces encryption methods such as public key infrastructure (PKI).

IoT smart devices must be controlled by a central authority. With permission-based blockchain however, all users are authorised to access a network, but each device is accountable for its actions, as all data stored on the blockchain is signed.

An image of iot, IoT, UK government to increase security on IoT devices

Luke Conrad

Technology & Marketing Enthusiast

Addressing Regulatory Compliance in Government-Owned, Single-Use Devices

Nadav Avni • 26th March 2024

Corporate-owned single-use (COSU) devices, also known as dedicated devices, make work easier for businesses and many government agencies. They’re powerful smart devices that fulfil a single purpose. Think smart tablets used for inventory tracking, information kiosks, ATMs, or digital displays. But, in a government setting, these devices fall under strict regulatory compliance standards.

Advantages of Cloud-based CAD Solutions for Modern Designers

Marius Marcus • 22nd March 2024

Say goodbye to the days of clunky desktop software chaining us to specific desks. Instead, we’re stepping into a new era fueled by cloud CAD solutions. These game-changing tools not only offer designers unmatched flexibility but also foster collaboration and efficiency like never before!

What are Multi-core Safety-Critical Avionics?

Wind River • 13th March 2024

A multi-core processor is a type of central processing unit that integrates multiple individual processing units onto a single chip. It supports different cores executing their tasks simultaneously, for quick and enhanced overall performance. Multi-core processors nowadays support safety-critical avionics. Find out more about what multi-core processors are, what multi-core safety-critical avionics are, and how...

Why Transition from 4G to 5G+ vRAN/O-RAN?

Emily Goldshteyn • 13th March 2024

The journey from legacy to 5G doesn’t have to be off-putting. It is a process that, if approached strategically, can make your company a pioneer in the digital age. Virtual and Open RAN, which come with broader choices of technology options and greater flexibility, are giving service providers greater opportunity as they transition their networks....