Tech giants to sign up to new code of conduct to reduce risk of cyber attacks

Hacker
Smart home devices can have their passwords easily guessed

Easy to guess passwords could be blocked from family smart home devices as they are too easily cracked by hackers, according to new Government guidelines.

Hundreds of millions of once “dumb” products are being linked to the Internet, from smart teddy bears to digital washing machines. 

But these devices pose a growing security threat because they are increasingly vulnerable to cyber attacks and hacking, Cabinet Minister David Lidington writes in the Sunday Telegraph.

"We need to act now to tackle the security risks that are often hidden within those devices," he said.

The Government estimates there will soon be 420 million internet connected devices in Britain. Security researchers have previously warned as many as 15pc of off-the-shelf devices can be hacked by a simple Google search to find the default log in details.

New guidelines for industry will be laid out this week including a block on easy to guess, default passwords on internet of things devices like "password" or "admin" and giving consumers an easy way to access and delete all the data devices hold on them. 

The UK's cyber security agency, the National Cyber Security Centre, also said that retailers should refuse to stock products that don't meet the new standards.

The new rules are being backed by British Gas smart home company Hive and PC giant HP. They are aimed at forcing industry to take the risks to so-called IoT devices more seriously.

The past year has seen digital flaws found in everything from smart teddy bears that could be turned into spy cameras to robot vacuum cleaners that can be hacked into listening devices.

Mr Lidington will this week speak at the second annual review of the National Cyber Security Centre (NCSC), a branch of GCHQ set up to monitor hacking threats and develop cyber security strategy.

The new rules come as the hacking threat to the UK from criminal and state-backed groups mounts. Russian spies of the GRU have been revealed to be behind multiple cyber attacks on the UK, while reports have also cast doubt on technology exports out of China.

Mr Lidington said today: "Every week we read about how businesses and their customers are falling victim to ransomware and data breaches. Our supply chains are being compromised and we have seen suppliers targeted across a number of sectors, leaving some of our largest business vulnerable to hostile cyber activity."

The Government's Secure by Design guidelines will be voluntary. Mr Lidington said internet of things security will need global cooperation.

Minister for Digital Margot James said: "From smartwatches to children’s toys, internet-connected devices have positively impacted our lives but it is crucial they have the best possible security to keep us safe from invasions of privacy or cyber attacks."

Dr Ian Levy of the NCSC said: "We want retailers to only stock internet-connected devices that meet these principles."

 

License this content