XClose

Dawes Centre for Future Crime at UCL

Home
Menu

Developing a consumer security index for domestic IOT devices (CSI)

19 May 2021

Research summary

Internet enabled devices including smart televisions, security cameras and thermostats are now commonly found around the home. Devices such as these have enormous potential to transform society, but they also provide opportunities for crime.  For example, some devices (including ‘security’ cameras) lack basic password functionality or allow the use of default passwords, which can easily be guessed or even found on forums. Such vulnerabilities have been exploited to conduct Distributed Denial of Service (DDoS) attacks, which are used to make a website or online service unavailable. One such attack, which took place in 2016 knocked Twitter, Netflix and the Guardian Newspaper offline during the attack. Vulnerable internet enabled devices can also be targeted to steal personal information, including credit card details. 

While security should be designed into devices, there is little incentive for manufacturers to do so consistently. Moreover, at the point of purchase, consumers are not provided with simple information to help them assess the security of devices.  This differs to the traffic light system used for food products in supermarkets, or the energy efficiency ratings provided for many electronic goods. The aim of the proposed research is to develop a Consumer Security Index for domestic IoT devices, and encourage its use to incentivise manufacturers to improve IoT device security.

Policy briefing

A policy briefing document has been prepared for this project, entitled “How secure is consumer IoT?” The briefing is available by clicking here.

Lead Investigator(s)Prof Shane Johnson, UCL Dept of Security and Crime Science
Research Assistant(s):Dr John Blythe, Honorary Research Fellow
For information about this project contact

Dr John Blythe (j.blythe@ucl.ac.uk)

Outputs