The government has today launched a code of practice to ensure that connected products are ‘secure by design’. Tech companies HP Inc and Centrica Hive are the first to commit.
The government has launched a code of practice to ensure that connected products are ‘secure by design’. Security must now be considered in the design process rather than being left as an afterthought.
We welcome the government taking a lead in tackling the growing issue of security in internet-connected products. Manufacturers of these smart devices must now show they are taking security seriously and sign up to the code to better protect consumers who use their products every day.
New safety risks
In its 60 years of existence, Which? has been a champion of consumers’ rights, given advice on products and services, and held industry and the government to account where we find problems – all to keep consumers protected.
Over the past six decades, we’ve had to adapt our testing to ensure we cover the products that have continued to change consumers’ lives. We rigorously test and provide advice that allows consumers to make a smarter decision on the product or service they’re purchasing.
The range of technology we test has grown and expanded over time, as has what is available on the market, with manufacturers continually innovating on features and design.
As technology has changed, new challenges have come to the fore and new risks to consumers’ safety have been exposed.
The security of consumer’s products is the next big issue for Which? and for the industry. Smart technology, the internet of things, and connected homes will bring benefits to consumers, but also risks. From cyber attacks and data leaks come scams and fraud, threatening people’s safety and the security of their personal information.
That’s why, in 2014, we first started investigating the security of smart products. Then, in 2015, we brought in a security-testing programme for cameras and wearables, before adding thermostats, smart hubs and more.
We’ve already spotted problems from connected toys that have no security measures, leaving children at risk, to wireless cameras that you can’t protect. We’ve also seen a connected coffee machine that wasn’t secure and allowed us to overload it during testing – a flaw that could lead to a fire.
Code of practice
At the moment, consumers have no way of knowing if a smart product isn’t secure and whether they’re protected or not. And we think that the onus and expectation to make a product secure should be on the manufacturer at the point of design and manufacture, not with the consumer as an after-thought.
Today, Digital Minister Margot James MP joined us at Which? with an invited audience from across the tech industry, manufacturers and academics to launch the government’s new code of practice for manufacturers of connected technology.
We’re supporting the government’s plan for improving the security of connected consumer technology. It’s no longer acceptable for a connected product to be put on the shelves and for it to not be secure.
We believe it’s time that manufacturers took safety and security seriously. With connected devices becoming increasingly popular, it’s vital that consumers aren’t exposed to the risk of cyber-attacks through products that are left vulnerable by manufacturers’ poor design and production.
Companies must ensure that the safety of their customers is the absolute priority when ‘smart’ products are designed.
If strong security standards aren’t already in place when these products hit the shelves, then they shouldn’t be sold.
What security standards do you expect to be in place when you buy smart products? Are you wary of buying connected tech because of the risks it poses?