Both the U.S. and the UK believe it's not very smart to use smart devices the way they're designed today. Poor password protection, for a start, makes them a playground for hackers, and unsafe, at least for governments, says Senator Mark Warner.
Warner, who spoke at SXSW this weekend, believes the U.S. government can force stronger security into connected devices just by the way it spends its own money. By demanding better standards from the products it buys, the government may nudge manufacturers to shore up their products, reports CNN.
Hacking of smart devices, from connected cars to refrigerators, is well known. Malicious code, the kind that can be used to break into computers as well, easily spreads through anything that connects to the internet and isn't protected by some kind of security. Mirai and BlueBorne are just recent examples of malware that specifically attacked smart, connected devices.
While products like smart speakers often (but not always) have strong security measures in place, people will use these to connect to other products like smart locks, blinds or thermostats. That chain is then only as strong as its weakest link in terms of security. At each point, malware that gets into one device can then infect every other item on that chain.
This concern was also recently echoed across the pond by those in the UK government, through a new report, Secure by Design. They suggest stricter, but voluntary, rules on the way products that send data across the internet, into the home, are locked down.
Pushing security updates to devices, rather than waiting for people to download them, is one suggestion. Another is demanding that all data from smart devices be encrypted.
In the U.S., Warner, co-chair of the Senate Cybersecurity Caucus, wants basic security requirements in any connected device purchased by the U.S. government. His proposed bill, the Internet of Things (IoT) Cybersecurity Improvement Act of 2017, would demand that "…vendors who supply the U.S. government with IoT devices would have to ensure that their devices are patchable, do not include hard-coded passwords that can't be changed, and are free of known security vulnerabilities, among other basic requirements."