Smart fridges and TVs should carry security rating, police chief says

Televisions, fridges and other internet-connected home appliances should carry cyber security ratings alongside energy efficiency ratings, a police chief has suggested.

Durham chief constable Mike Barton said customers should be given the at-a-glance information for internet-ready equipment in the same way fridges, freezers, TVs and other appliances have to display their energy efficiency ratings before sale.

Barton, the national policing lead for crime operations, proposed the idea as part of efforts to protect households from fraudsters and hackers in the era of the Internet of Things, where otherwise “dumb” devices can be put online and be interconnected for automation and smart appliance activities.

Analysts have forecast that by 2020 there will be as many as 21bn connected devices around the world, with the surge in the number and variety of internet-ready products sparking a string of security warnings.

Earlier this year, an official report warned that smartphones, watches, televisions and fitness trackers could be targeted by cyber criminals seeking to hold users to ransom over their personal data. There have even been reports that baby monitors and pacemakers could be vulnerable to hacking.

Barton said: “It’s not just how many yoghurts you are eating that is at risk, it’s that your internet of things are all plugged into the same network. That is a back door into your network.”

Barton queried why devices designed to be connected to the internet are not being accessed for internet security and said that the responsibility for devising a suitable rating system should fall to the industry.

Barton said: “Whenever you go into a store now you see fridges and it’s A down to F in terms of its energy efficiency. Where are the security ratings?

“You’ve got a situation where we don’t know what the security is like in the devices we are buying in the internet of things. It’s just not reported. And yet that is the most significant component of what it is you are buying.”

The difficulty for a simplistic rating system for internet security is that, unlike energy efficiency, a device’s resilience to attack from cyber criminals can change over time as holes are found in its software and new hacking techniques are developed.

As with computers and smartphones, most internet connected devices are only as secure as their last update to continually patch flaws in their software that could let hackers in.

Read more…

Source: The Guardian