UCL Jill Dando Institute of Security and Crime Science


Developing a consumer security index for domestic IOT devices (CSI)

17 January 2019

Research Summary

Internet enabled devices including smart televisions, security cameras and thermostats are now commonly found around the home. Devices such as these have enormous potential to transform society, but they also provide opportunities for crime.  For example, some devices (including ‘security’ cameras) lack basic password functionality or allow the use of default passwords, which can easily be guessed or even found on forums. Such vulnerabilities have been exploited to conduct Distributed Denial of Service (DDoS) attacks, which are used to make a website or online service unavailable. One such attack, which took place in 2016 knocked Twitter, Netflix and the Guardian Newspaper offline during the attack. Vulnerable internet enabled devices can also be targeted to steal personal information, including credit card details. 

While security should be designed into devices, there is little incentive for manufacturers to do so consistently. Moreover, at the point of purchase, consumers are not provided with simple information to help them assess the security of devices.  This differs to the traffic light system used for food products in supermarkets, or the energy efficiency ratings provided for many electronic goods. The aim of the proposed research is to develop a Consumer Security Index for domestic IoT devices, and encourage its use to incentivise manufacturers to improve IoT device security.

Policy briefing

A policy briefing document has been prepared for this project, entitled “How secure is consumer IoT?” The briefing is available by clicking here.

Lead investigator(s): 

Professor Shane Johnson

Research Assistant(s): 

Dr John Blythe 

For information about this project contact: Dr John Blythe j.blythe@ucl.ac.uk