More and more consumer products contain wireless network connectivity either providing local short range connectivity to other devices or are directly connected to the internet – raising the risk of hacks or personal data breaches. Smart speakers, connected toys, domestic appliances and smart locks are all potentially vulnerable if not adequately secured by design and during their expected lifespan. As an example the Furby Connect doll with Bluetooth connectivity, enabled anyone within 100 feet to hack its wireless connection and access its microphone. Given that this product was intended for use by children, such a fundamental security flaw was especially unfortunate.
Everyone recognises there’s a problem, but exactly how to solve it isn’t yet well-defined. Governments are still developing legislation to improve security and product labelling, and to protect personal data. However, given the poor security of many current and historic IoT products regulation alone is not going to solve the problem overnight.
This leaves product vendors in a difficult position, with a need for clear direction in consumer IoT security. To fill this gap, ETSI recently announced ETSI TS 103 645, the first worldwide standard for consumer IoT security. This sets a benchmark for how to secure consumer products connected to the internet, and aims to promote best practice.