global_banner

    IoT is Easily Hackable Today; EC Hopes to Change That

    Mar 07, 2017
    Lauren Cerulus of Politico recently reported on efforts by the European Commission (EC) to stem the growing threat of denial-of-service attacks on the billions of devices connected to the Internet. Currently, when consumer goods that comprise the Internet of Things (IoT) are hacked, their manufacturers face no legal action in Europe because there is no legislation for it.

    But after being the victim of a denial-of-service attack last fall, the EC and European Parliament are taking such threats more seriously.

    The EC is crafting a “trust label” for IoT products that would inform customers if they’re buying something that’s hackable. Further, the e-Privacy Regulation that’s working through Parliament could also affect how some products, such as voice-controlled applications, approach their communications data.

    According to Cerulus, the EC also hopes to propose legislation on cybersecurity certifications this year to support the existing voluntary standards that have been put in place by the mobile industry association and other corporate interests. The EC is expected to lay out its latest cybersecurity strategy this summer, updating a 2013 plan that largely predated such threats to IoT.

    All said, it may be years before manufacturers have a distinct set of binding security standards.

    Today, few IoT devices ask new owners to change the default login, which leaves that item—a refrigerator, a thermostat, or a security camera, perhaps—very much vulnerable to intrusion.

    “You can blame the users, but that’s not fair,” said Lori Wigle, a senior manager with Intel. “The device maker can build in a mechanism that triggers users to change [the original login].”

    Politico’s Cerulus uses the example of the website Insecam, which hosts a database of online security cameras that can be accessed remotely. With just a couple clicks, a hacker could be looking at the back yard of someone who forgot to change his password.

    Sources:
    Politico.eu

    The online Global Policy Brief is intended to help you stay current on international news and events. Further information about the issue is accessed by clicking on the link provided at the end of each summary.

    Want to sign up to receive an email version of the Global Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.

    © 2017, ARMA International