The Daily Swig Web security digest

Household hacks? Australia calls for IoT consumer rating

James Walker | 16 October 2017 at 10:00

Seal of approval system aimed at clamping down on vulnerabilities.

While it’s taken more than 20 years for the term ‘Internet of Things’ to enter common parlance, internet-connected devices are increasingly being heralded as the latest must-have lifehack for today’s time-strapped consumer.

From refrigerators to children’s toys, web-enabled consumer products are flooding the market at a rapid pace, with Boston Consulting Group predicting that $260 billion will be spent on IoT technologies and services by 2020.

But how much trust can we place in IoT devices? Discounting the minor inconvenience of coming home to find your washing cycle hasn’t run, many have pointed to the potential security issues relating to the hacking vulnerabilities and vast swaths of data being collected and stored by connected utilities.

Aside from the hard-hitting privacy issues relating, for example, to the hacking of baby monitors, recent events have demonstrated how internet-connected objects can be weaponized to perpetrate DDoS attacks.

Given the hockey stick growth trajectory of IoT devices, it seems these concerns haven’t escaped the attention of the Australian government, which is understood to be creating a mandatory cybersecurity rating for web-enabled consumer products.

Dan Tehan, the Minister Assisting the Prime Minister on Cyber Security, told Fairfax Media that the government is prepared to pass new laws to clamp down on vulnerabilities in web-enabled devices if the industry does not take the initiative.

“We’re seeing that poor security in IoT devices is having a consequence,” he said. “The idea of baby monitors with poor cybersecurity that can be hacked into, and then the cameras on them observed on the internet, I think, is something which all parents would find absolutely abhorrent.”

According to Fairfax imprint The Sydney Morning Herald, an ‘internet of things working group’ of Australian officials is talking to the technology industry about voluntary minimum standards and consumer rating.

“What we want industry to do is come up with standards that they think are minimum requirements for IoT devices,” he said. “And that ultimately we want to apply to imported products as well.”