The digital security of many consumer devices connected to the Internet - the so-called Internet-of-Things - is not up to scratch. Especially smart toys ('connected toys') and baby monitors score poorly. This is evident from research commissioned by the Netherlands Radiocommunications Agency.
Telecom Agency had 22 commonly used devices examined in the categories: routers, smart toys, IP cameras, smart locks, baby monitors and smart thermostats. Seventeen of the 22 devices scored moderately to very poorly on basic security and privacy aspects. A total of five devices examined were relatively secure: in the case of the Nest Learning V3 thermostat and the Alecto IVM-100 baby monitor, researchers did not even find any security problems. Manufacturers and suppliers of insecure devices have been notified. In a number of cases, this has already led to modifications of the products.
Angeline van Dijk, director-in-chief of the Netherlands Radiocommunications Agency: "It is worrisome that the digital security of most of the smart devices investigated is not in order. These are products that are in many consumers' homes. Anyone who suspects they are unsafe can report this to the Radiocommunications Agency. Fortunately, the research also shows that good security by manufacturers is possible. As regulator, I advocate additional European rules to better protect consumers against cyber attacks."
Many devices use poorly secured connections and default settings that are not secure. Performing an update is often cumbersome. This allows personal data or even passwords to be viewed and controls to be taken over. This makes devices vulnerable to infections and unwanted access.
The results of the research emphasize the importance of the measures as stated in the Roadmap Digitally Secure Hardware and Software that State Secretary Keijzer published last year. These measures should lead to a significant improvement in the digital security of smart devices. For example, by striving to set minimum security requirements through the European Radio Equipment Directive.
Users of IoT devices can do a lot themselves to make their devices less vulnerable to unwanted access and cyber attacks. The report includes a number of tips: perform regular updates, choose a strong password, share as little information as possible with the device and do not connect the device to a network unnecessarily. Many devices do not need to be online for use.
View: Report on the digital security of IoT devices
This publication can also be found in the files Internet of Things and Information Security
