The NCC has been invited to the G20 meeting to present their work with internet-connected products, and to provide suggestions to how cyber security can be improved, particularly in devices marketed toward kids.
– We are happy that our work has contributed to shine a light on these issues, especially at such an important arena. Our tests of connected toys and children’s smartwatches show that these products threaten both consumer rights, data protection rights, and in the worst-case scenario, could endanger children, director of digital services Finn Myrstad says.
Consumer services and products that are insufficiently secured, could also present a threat to the wider society. For example, we have seen many cases where connected consumer devices without sufficient cyber security measures are used in botnet-attacks against vital institutions or functions.
Five suggestions for safer products
Today, the Consumer Council presents the following suggestions:
- Industry actors have to enact standards and guidelines regarding cyber security in IoT-products.
- Mandatory minimum baseline standards for connected products.
- Mandatory certification of online products and services targeted toward consumers in particularly vulnerable situations, such as children.
- Stronger enforcement toward connected devices and services.
- Better suited regulation and stronger consumer protection when the products do not satisfy baseline cyber security standards
– An increasing number of products are connected to the internet, and we should be able to expect a certain level of cyber security-implementation. When insecure and potentially dangerous products are filling the shelves, this is an obvious market failure, Myrstad says.
– Our experience is that many of the manufacturers and vendors do not take these issues seriously, and that they do not have the necessary knowledge or will to ensure that we are offered secure products.