Tighten Smart Device Security, Warns Government
The Federal Government has urged Internet of Things manufacturers to tighten cybersecurity on their smart devices, with a new set of voluntary guidelines.
With IoT devices such as smart fridges, smart TVs, baby monitors, and security cameras expected to reach 31 billion this year and 75 billion by 2025 according to Cisco, manufacturers need to build security into their devices by design, says Home Affairs Minister Peter Dutton.
“Internet-connected devices are increasingly part of Australian homes and businesses and many of these devices have poor security features that expose owners to compromise.
“Australians should be considering security features when purchasing these devices to protect themselves against unsolicited access by cybercriminals,” he said.
The new Code of Practice: Securing the Internet of Things for Consumers, released this week, sets out 13 principles for manufacturers to abide by in their smart devices:
- No duplicated default or weak passwords
- Implement a vulnerability disclosure policy
- Keep software securely updated
- Securely store credentials
- Ensure that personal data is protected
- Minimise exposed attack surfaces
- Ensure communication security
- Ensure software integrity
- Make systems resilient to outages
- Monitor system telemetry data
- Make it easy for consumers to delete personal data
- Make installation and maintenance of devices easy
- Validate input data
Alongside these principles, the government has released a number of tips for consumers to make sure their devices are safe, including buying from reputable manufacturers; making sure passwords can be changed; making sure updates are provided; and finding out what data the device connects and who it is shared with.
Defence Minister Linda Reynolds says consumer and manufacturer awareness is key to cybersecurity.
“Boosting the security and integrity of internet connected devices is critical to ensuring that the benefits and conveniences they provide can be enjoyed without falling victim to cybercriminals,” she said.