Should IoT devices carry security labels?


The UK government has proposed a new Secure by Design code of practice which could see connected devices carrying a security label to inform consumers about how hackable they are.

Tom Gaffney, Principal Consultant at F-Secure: “F-Secure was previously critical of the code of conduct but by proposing a legal framework the UK Government is taking a step in the right direction. There is a long way to go (as initially it will be voluntary) and there is always much in the detail to be considered, plus we have to question how effective legislation will be. The initial proposals will focus on three areas, weak passwords, security updates and vulnerability disclosures, from a security perspective we agree that these are major issues in the world of IoT threats today. As many as one third of IoT attacks abuse weak passwords and legislating to fix this basic issue can only be a good thing.“