View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 10, 2016

EU planning new IoT security rules

Tougher regulation needed to force IOT companies to be secure

By Hannah Williams

The European Commission announced new cybersecurity requirements for IoT devices.

The new rules are part of a plan to overhaul the EU’s telecommunications laws. The expected proposal comes following warnings that many IoT devices include little or no security protections.

Euractive’s Catherine Stupp said: “The commission would encourage companies to come up with a labelling system for internet-connected devices that are approved and secure.”

One recent threat came from a powerful malware called Mirai which has infected IoT devices across the world.

EU lawmakers want to remove fears caused from security attacks by creating rules that force companies to meet tough security standards and go through multi-pronged certification processes to guarantee privacy.

An analysis published by Flashpoint found that the web-based administration for devices made by Chinese company XiongMai Technologies, can be trivially bypassed without the need to supply a username or password.

securityThe main issue discovered, was even if owners of these IoT devices change the default credentials, the machines can still be reached over the Internet.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Zach Wikholm, a spokesperson from Flashpoint said: “The issue with these particular devices is that a user cannot feasibly change this password. The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist.”

This is also the case for various Internet-connected devices, as the default setup still use the username and password, leading to an easy target of internet threats.

Thibault Kleiner, Deputy Head of cabinet for Oettinger said: “That’s really a problem in the internet of things. It’s not enough to just look at one component. You need to look at the network, the cloud. You need a governance framework to get certification.”

The European Commission plans to solve this with tougher regulation.

Kliener added that the Commission would encourage companies to come up with a labeling system for internet-connected devices that are approved and secure.

 

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU