The government has launched a new code of practice to ensure that connected products are ‘secure by design’ with security considered in the design process rather than being left as an afterthought.
It’s estimated that each household in the UK owns at least 10 internet-connected devices, and that there’ll be more than 420m in use across the UK within the next three years. From turning your lighting or heating on remotely, to scheduling your coffee maker via an app, the ‘internet of things’ is becoming increasingly mainstream.
There are many connected devices on the market that lack basic security measures, though, which makes them susceptible to hacking. Poorly secured devices pose a serious threat. They can put our privacy and security at risk and can even be used as part of large-scale cyber-attacks.
Every smart hub that we review is put through a rigorous set of tests to assess how secure the device and interface is. Read our smart hub reviews to choose one that’s scored well.
New code of practice: what it means for you
The new code of practice consists of 13 guidelines that those involved in the internet of things industry should follow to help keep consumers safe.
The guidelines recommend that:
- The installation of devices should be made easy with guidance given to consumers on how to securely set up their devices.
- All personal data should be protected in accordance with data protection law, such as the General Data Protection Regulation (GDPR).
- It should be easy for consumers to delete personal data from their devices with clear instructions on how to delete data when reselling a device or disposing of it.
HP Inc and Centrica Hive, manufacturers of a wide range of connected devices, have both committed to improving the cyber security of their products. Which? is calling upon more manufacturers to follow in their footsteps and commit to the code of practice to keep consumer data safe from cyber-hackers.
The government has also produced a document that links each guideline to industry standards, recommendations and guidance to make it easier for other tech companies to follow the example of HP Inc and Centrica.
Make your smart devices secure
Which? has exposed plenty of security flaws through the testing of smart products, with smart thermostats, connected toys and internet routers all being found to carry a risk. We’ve even set up a real home with a host of smart gadgets and set security researchers the task of hacking it, which took just days.
A recent Which? investigation uncovered a security flaw with the Virgin Media Super Hub 2 routers. The product came with a relatively weak default password that our security researchers were able to crack. In response, Virgin Media ensured that the Super Hub 3.0 is far more secure while urging Super Hub 2 owners to change their passwords.
Which? has also worked closely with the government and industry to develop consumer guidance on how to keep connected devices secure.
For tips on how to secure your personal information, read our guide on how to protect your smart home data.
Take a look at our Computing Helpdesk for answers to common security and privacy concerns.
Alex Neill, Which? managing director of home products and services, said: ‘Which? tests many internet-connected products and has already improved security on devices in more than a million UK homes, including TVs, voice-activated assistants, smart thermostats, and wireless routers.
‘We welcome the government taking a lead in tackling the growing issue of security in internet-connected products. Manufacturers of these smart devices must now show that they are taking security seriously and sign up to the code to better protect consumers who use their products every day.’