Plan To Secure Internet Of Things With New Law

Image copyright Getty Images

The rapidly growing "internet of things" (IOT) - internet-connected gadgets - would have to be made more secure under proposed new laws.

Security vulnerabilities that could be targeted by hackers have been found in everything from toy dolls to internet-connected ovens in recent years.

The new laws would mean such devices would have to come with unique passwords, for example.

One expert said it was a "positive step" to protect consumers.

There will be 14.2 billion internet-connected devices in use worldwide by the end of 2019, according to market analysts Gartner.

These include connected TVs, smart speakers and home appliances with internet connectivity.

These devices often become the targets for cyber-attackers who hack them in order to steal personal data, spy on users or remotely take control of devices to otherwise misuse them.

The proposed legislation, launched by Digital Minister Margot James, would also introduce a new labelling system to tell customers how secure an IOT product is.

Ms James said it was part of the UK's bid to be a "global leader in online safety".

Retailers would eventually be barred from selling products without the labels although initially the scheme would be voluntary.

To gain a label and enter the market, IOT devices would have to:

• come with unique passwords by default
• state clearly for how long security updates would be made available
• offer a public point of contact to whom any cyber-security vulnerabilities may be disclosed

The proposed laws follow a voluntary code of practice for IOT manufacturers that was published in the UK last year.

"Serious security problems in consumer IOT devices, such as pre-set unchangeable passwords, continue to be discovered - and it's unacceptable that these are not being fixed by manufacturers," said the technical director of the UK's National Cyber Security Centre (NCSC), Ian Levy.

Cyber-security expert Ken Munro, who has exposed many flaws in IOT devices, told BBC News the proposed legislation was a "positive step forward, helping to fix the mess that is consumer smart product security".

"It's important that government doesn't allow the proposed regulation to be watered down during consultation. The proposals are limited, but a good start," he said.

"I'm particularly pleased to see product security labelling being proposed, so that buyers can make informed decisions."