|
||||
|
|
||||
|
||||
|
Internet of Things (IoT) Part 2 |
||||
|
Hi
As a follow up to the post a week ago regarding the topic of the Internet of Things, examples of consumer devices that we all might use include
• connected children's toys and baby monitors; • connected smoke detectors, door locks and window sensors; • modems or gateways to which multiple devices connect; • smart cameras, TVs and speakers; • wearable health trackers; • connected home automation and alarm systems, especially their gateways and hubs; • smart devices such as Alexa and Siri • connected appliances, such as washing machines and fridges; and • smart home assistants.
All these devices expose us to potential security vulnerabilities
Standards like ETSI EN 303 645 aim to establish a baseline for consumer ‘Internet of Things’ security. The UK’s legislation is covered under the PSTI Act 2022 and PSTI regulations 2023.
So, what do you need to look for?
The Statement of Compliance (SoC) which could be a physical or digital document. Important to note, there is no physical mark on the product itself.
Some key points: We’ve all purchased products that have default passwords or easily-guessed such as “Password” or “12345”. These are banned on new products.
External/Customer reporting process for vulnerabilities and published vulnerabilities under a Vulnerability Disclosure Policy is mandatory.
Clear information on how long the products will be supported by security updates.
Kind regards
Stephen Blake 20406 | ||||
Reply to this message | ||||
|
|
