More and more consumer products contain wireless network connectivity either providing local short range connectivity to other devices or are directly connected to the internet – raising the risk of hacks or personal data breaches. Smart speakers, connected toys, domestic appliances and smart locks are all potentially vulnerable if not adequately secured by design and during their expected lifespan. As an example the Furby Connect doll with Bluetooth connectivity, enabled anyone within 100 feet to hack its wireless connection and access its microphone. Given that this product was intended for use by children, such a fundamental security flaw was especially unfortunate.

Everyone recognises there’s a problem, but exactly how to solve it isn’t yet well-defined. Governments are still developing legislation to improve security and product labelling, and to protect personal data. However, given the poor security of many current and historic IoT products regulation alone is not going to solve the problem overnight.

This leaves product vendors in a difficult position, with a need for clear direction in consumer IoT security. To fill this gap, ETSI recently announced ETSI TS 103 645, the first worldwide standard for consumer IoT security. This sets a benchmark for how to secure consumer products connected to the internet, and aims to promote best practice.



Quantum computing could soon emerge from research labs to handle practical workloads such as simulating complex processes or performing cryptographic calculations that are beyond the reach of current supercomputers. While this is all very exciting it poses serious issues for the security of many systems. Quantum computers could easily break current state of the art cryptography, so data encrypted today will become an easy target for quantum hackers of the future.

Cheap mass storage enables cyber criminals to harvest vast quantities of encrypted data and simply wait until they have the firepower to expose its secrets. Data protection regulations require organisations to maintain data confidentiality for periods of several years, so this is a serious threat.