Consumers International, the Internet Society and the Mozilla Foundation launch privacy and security guidelines for Consumer IoT products

15 November 2018

Today Consumers International, the Internet Society and the Mozilla Foundation have launched, 'Minimum standards for tackling IoT security' a short set of guidelines setting out a minimum set of requirements that industry should apply to keep connected consumer devices in the Internet of Things secure.

The 'Minimum standards for tackling IoT securityguidelines have been created in response to the growing number of insecure connected consumer devices on the market and the absence of consistent, global standards. These guidelines are not intended to replace mandatory or voluntary standards that are in development. Instead, we hope they will be a useful tool that retailers and manufacturers of connected products, apps and cloud services can directly integrate, and start to phase out practices that lead to the most egregious security failings in connected devices.

Key points from 'Minumum standards for tackling IoT' guidelines:

1) Encrypted communications: products must use encryption for all of their local and network communications functions and capabilities.

2) Security updates: products must have the ability to accept automatic updates, and have that ability enabled by default.

3) Strong passwords: any non-unique default passwords must also be reset as part of the device’s initial setup.

4) Vulnerability management: vendors must have a system in place to manage vulnerabilities in the product.

5) Privacy practices: Products must have a privacy policy and terms and conditions which are easily accessible, written in language that is easily understood and appropriate for the person using the device or service.

Safe, secure and fair internet of things for consumers

Consumers International wants to see a safe, secure and fair IoT system and we are involved in a number of other initiatives to make this happen. The joint Consumers International/Mozilla/ISOC guidelines will sit alongside Consumer International’s own Children’s Connected Product Privacy and Security Retailer Checklist created specifically to help retailers of children’s connected products vet potential suppliers against a set of simple criteria to ensure that the toys they stock meet a basic standard of safety.

View the checklist

Later this month we will also release a short buyer’s guide for people shopping for connected products. 

Consumers International will use the 'Minimum standards for tackling IOT security' guidelines to engage directly with retailers of connected products.