As more devices in the home connect to the internet, the cyber security of the Internet of Things (IoT) is becoming a growing concern. People entrust their personal data to an increasing number of online devices and services. In addition, products and appliances that have traditionally been offline are now becoming connected and need to be designed to withstand cyber threats. Poorly secured products threaten consumer’s privacy and some devices are exploited to launch large-scale DDoS (Distributed Denial of Service) cyber-attacks.
ETSI’s new specification TS 103 645, addresses this issue and specifies high-level provisions for the security of internet-connected consumer devices and their associated services. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) or smart home assistants. TS 103 645 requires implementers to forgo the use of universal default passwords, which have been the source of many security issues. It also requires implementation of a vulnerability disclosure policy to allow security researchers and others to report security issues. As many IoT devices and services process and store personal data, this specification can help ensure that these are compliant with the General Data Protection Regulation (GDPR).
ETSI – www.etsi.org