Are smart home and wearable devices secure? A global consensus on 5 security must haves 

Home automation control by smart phone. 3D rendering image. Original design.

Image: Getty Images/iStockphoto

Madeline Carr
Professor of Global Politics and Cybersecurity, University College London
Helena Leurent
Director-General, Consumers International
Beau Woods
Cyber Safety Advocate, I am the Cavalry
Annalaura Gallo
Head of Secretariat, Cybersecurity Tech Accord
Anu Devi
Project Lead, Urban Transformation, World Economic Forum
Nicolas Jeambon
Community Specialist, Urban Transformation, World Economic Forum

Listen to the article

  • Billions of connected devices are in use worldwide today, with smart home devices growing rapidly.
  • But for the first time a global consensus for baseline security is emerging.
  • To improve the security of connected devices for all consumers, the Cybersecurity Tech Accord, Consumers International, and I Am the Cavalry representing more than 400 member organizations globally, are launching a Statement of Support around 5 security “must haves,” based on international standards.
  • These include: no universal default passwords, keeping software updated, securely communicating, ensuring that personal data is secure, and implementing a vulnerability disclosure policy.

The Consumer Internet of Things (IoT) – from wearables, to electronics, to home appliances – global market size is forecasted to reach about $154 Billion USD by 2028 compared to $45 Billion in 2020 – dominated by home automation applications. While North America currently holds the largest market share of connected devices, Asia Pacific will see significant growth by 2030. This growth is attributed to wider internet accessibility, investment in R&D, and uptake of smart devices like wearables and doorbells due to consumer concerns about health and safety from COVID-19.

Have you read?

Larger risk of potential cyber threats

As these connected devices play a larger role in our daily lives as consumers, so does the potential for cyber threats. New products coming onto the market continue to introduce vulnerabilities. In 2021, Consumer Reports found “11 security vulnerabilities in four new video doorbells and home security cameras—potentially exposing their owners to hacking or leaks of personal data, including email addresses and wifi passwords.”

Products in the home can be exposed to more than 12,000 hacking attempts in a single week, according to the consumer campaign organization Which?. We have already seen hackers successfully tapping into home cameras, threatening the safety and privacy of individuals and families. Smaller, and cost-sensitive items, with a range of different user interfaces, like consumer IoT devices often lack many of the security features of traditional computer products (i.e. desktop computers, laptops and smart phones).

Loading...

While governments and industries are increasingly pursuing measures to improve the security of connected consumer devices, if global efforts remain fragmented or lack coordination with the private sector and other stakeholders, cybersecurity initiatives and their implementation will remain uneven at best.

Through the World Economic Forum’s Council on the Connected World, leaders from Consumers International, the Cybersecurity Tech Accord and I Am the Cavalry, representing more than 400 organizations globally, collaborated to recognize an emerging consensus on baseline cybersecurity provisions for consumer IoT devices.

Consensus on consumer IoT security provisions

Over 6 months, experts reflecting the interests of security researchers, technology providers, and the consumers – agreed on five security “must haves” as a minimum requirement for consumer-facing IoT devices, which reflect a growing international consensus and are key provisions of the ETSI standard 303-645, as well as many other international standards.

1. Must not have universal default passwords

2. Must keep software updated

3. Must have secure communication

4. Must ensure that personal data is secure

5. Must implement a vulnerability disclosure policy

This resulted in a Statement of Support that calls on device manufacturers and vendors to take immediate action. This statement has been endorsed by over 100 organizations from across stakeholder groups – including leading technology companies, industry organizations, civil society groups, and government cybersecurity agencies.

The expert working group states: “Taken together, these five device capabilities are found in over 100 standards, specifications and guidelines across the world and establish a minimum level of security which should form the basis of all consumer IoT cyber security standards, specifications and guidelines.”

Towards action

In the absence of baseline security requirements for connected devices, consumers are too often left unknowingly assuming unnecessary risk when using everyday products. Unsurprisingly, growing concerns around security and privacy risks are already driving consumers to distrust connected devices, undermining their potential benefits. Though a handful of governments are attempting to improve consumer IoT security through various regulatory approaches, global ICT supply chains will require harmonized efforts across markets to give consumers confidence in device security.

While smart devices can offer myriad benefits, including convenience and improved functionality, they must be developed with security in mind and used responsibly to avoid introducing unnecessary cyber risk. A global consensus – across stakeholder groups – on the five security provisions for device security in this statement is just a starting point, but an important one. More organizations from the public-private sector must unite and cooperate to build a stronger, global foundation to fight cyber threats.

The expert group encourages those who are interested in establishing a global baseline for a secure and connected world to support the joint statement.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Internet of Things

Share:
The Big Picture
Explore and monitor how Internet of Things is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum