Skip to Content

If Only a Simple Gadget Rating Could Save Us from Cyberattack

Suggestions that a security score be awarded to connected devices is a lovely idea that would be almost impossible to implement.
Cyber security ratings
Cyber security ratings
Cyber security ratings

In these hyper-connected days, where every Internet-enabled device appears to be corralled by criminals to carry out cyberattacks, wouldn’t it be great to find a little peace of mind?

Wouldn’t it be nice, say, if every time you went to buy a gadget, a little sticker told you just how secure the device was, so you could make a purchase safe in the knowledge that you were doing the best you could to keep your devices from being hijacked? It might at least ease the headaches of many consumers, who have found their routers and smart baby monitors and Wi-Fi printers hacked, as they look to add add smart refrigerators and washing machines and whatever else to their battery of connected domestic devices.

Certainly, that’s what Mike Barton, a British police chief and the U.K.'s policing lead for crime operations, thinks should happen. The Guardian reports that the Barton would like companies to publish a security rating on their products, much like they’re required to list energy efficiency ratings in many countries.

“You’ve got a situation where we don’t know what the security is like in the devices we are buying in the Internet of things. It’s just not reported. And yet that is the most significant component of what it is you are buying,” he explained, according to the newspaper, as he described how a smart fridge could be compromised. “It’s not just how many yogurts you are eating that is at risk, it’s that your Internet of things are all plugged into the same network. That is a backdoor into your network.”

Picking through the garble, he is, of course, correct. A device with weak security can be hacked and controlled remotely. That could provide criminals with access to your home networks, or they may use the hardware for a grander purpose by recruiting it to one of the growing armies of Botnets of Things (see: "10 Breakthrough Technologies 2017: Botnets of Things") .

Sadly, he pulls up short of actually describing how it would be possible to implement such a rating system. And unlike energy efficiency, which is relatively easy to measure objectively, digital security is a slippery concept. It may be easy enough for a company to tick off boxes to reassure users that they don’t, say, use weak default passwords, but it’s nearly impossible to guarantee that a device’s software doesn’t have security vulnerabilities that could be exploited by criminals.

In fact, the only thing that really is possible to guarantee about any kind of connected device is that it does have some vulnerability—even if it hasn't been identified yet.

The security of a gadget also relies largely on its software. So the ability of a device to withstand hacking can be changed overnight by an update (either improving it or, through shoddy code, making it worse). Similarly, a device's security will degrade over time if it doesn't get updates, as hackers develop new tools and devices sit around using the same old operating systems.

Barton is certainly not the first to voice these kinds of concerns. Last year, cyber security experts warned Congress that the security situation surrounding connected devices was worsening because manufacturers lack incentives to prioritize security. At the time Kevin Fu, a professor of computer science and engineering at the University of Michigan, said that the U.S. government should establish an independent body to test the security of IoT devices. That's perhaps a better idea than Barton’s, but again it’s still not clear how it would work in practice.

For now, then, consumers continue to buy hardware and connect it to the Internet with little idea of how secure the device is, other than some vague notion of trust. There may be a better way, of course, but it’s yet to present itself.

(Read more: The Guardian, “Security Experts Warn Congress That the Internet of Things Could Kill People,” “10 Breakthrough Technologies: Botnets of Things,” “The Internet of Things Goes Rogue”)

Keep Reading

Most Popular

conceptual illustration showing various women's faces being scanned
conceptual illustration showing various women's faces being scanned

A horrifying new AI app swaps women into porn videos with a click

Deepfake researchers have long feared the day this would arrive.

A view of clouds illuminated by sunlight
A view of clouds illuminated by sunlight

We can’t afford to stop solar geoengineering research

It is the wrong time to take this strategy for combating climate change off the table.

Death and Jeff Bezos
Death and Jeff Bezos

Meet Altos Labs, Silicon Valley’s latest wild bet on living forever

Funders of a deep-pocketed new "rejuvenation" startup are said to include Jeff Bezos and Yuri Milner.

new GPT3 is a good student
new GPT3 is a good student

The new version of GPT-3 is much better behaved (and should be less toxic)

OpenAI has trained its flagship language model to follow instructions, making it spit out less unwanted text—but there's still a way to go.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.