Broadband Group Proposes Recommendations for Better Consumer IoT Security

The Broadband Internet Technical Advisory Group has released guidelines and recommendations aimed at helping consumer IoT manufacturers and other providers improve device privacy and security. Tuesday's BITAG report said consumers face threats from any internet-connected device, but the IoT is "unique" because it usually involves nontechnical or uninterested consumers who lack the expertise to evaluate privacy and security for such devices. The report said IoT threats potentially increase with the lack of incentives from manufacturers to develop and deploy software updates after initial product sales, difficulty in providing updates over a network, devices with limited resources and constrained user interfaces, and products that may ship with malware. To address insecure communications, data leaks, malware and service disruption, the group said IoT devices should be shipped with "reasonably" current software and have a way to receive automated and secure software updates. It said devices should use strong authentication and encryption with their configurations tested and hardened. The report recommended a privacy policy be included and easy to find and understand and industry should develop a cybersecurity program with a "Secure IoT Device" logo on retail packaging. Stakeholders, manufacturers and retailers should provide privacy policies, bug reporting systems and secure software programs, and support devices across their lifespans, BITAG said.