Skip to Content

If Only a Simple Gadget Rating Could Save Us from Cyberattack

Suggestions that a security score be awarded to connected devices is a lovely idea that would be almost impossible to implement.
Cyber security ratings
Cyber security ratings

In these hyper-connected days, where every Internet-enabled device appears to be corralled by criminals to carry out cyberattacks, wouldn’t it be great to find a little peace of mind?

Wouldn’t it be nice, say, if every time you went to buy a gadget, a little sticker told you just how secure the device was, so you could make a purchase safe in the knowledge that you were doing the best you could to keep your devices from being hijacked? It might at least ease the headaches of many consumers, who have found their routers and smart baby monitors and Wi-Fi printers hacked, as they look to add add smart refrigerators and washing machines and whatever else to their battery of connected domestic devices.

Certainly, that’s what Mike Barton, a British police chief and the U.K.'s policing lead for crime operations, thinks should happen. The Guardian reports that the Barton would like companies to publish a security rating on their products, much like they’re required to list energy efficiency ratings in many countries.

“You’ve got a situation where we don’t know what the security is like in the devices we are buying in the Internet of things. It’s just not reported. And yet that is the most significant component of what it is you are buying,” he explained, according to the newspaper, as he described how a smart fridge could be compromised. “It’s not just how many yogurts you are eating that is at risk, it’s that your Internet of things are all plugged into the same network. That is a backdoor into your network.”

Picking through the garble, he is, of course, correct. A device with weak security can be hacked and controlled remotely. That could provide criminals with access to your home networks, or they may use the hardware for a grander purpose by recruiting it to one of the growing armies of Botnets of Things (see: "10 Breakthrough Technologies 2017: Botnets of Things") .

Sadly, he pulls up short of actually describing how it would be possible to implement such a rating system. And unlike energy efficiency, which is relatively easy to measure objectively, digital security is a slippery concept. It may be easy enough for a company to tick off boxes to reassure users that they don’t, say, use weak default passwords, but it’s nearly impossible to guarantee that a device’s software doesn’t have security vulnerabilities that could be exploited by criminals.

In fact, the only thing that really is possible to guarantee about any kind of connected device is that it does have some vulnerability—even if it hasn't been identified yet.

The security of a gadget also relies largely on its software. So the ability of a device to withstand hacking can be changed overnight by an update (either improving it or, through shoddy code, making it worse). Similarly, a device's security will degrade over time if it doesn't get updates, as hackers develop new tools and devices sit around using the same old operating systems.

Barton is certainly not the first to voice these kinds of concerns. Last year, cyber security experts warned Congress that the security situation surrounding connected devices was worsening because manufacturers lack incentives to prioritize security. At the time Kevin Fu, a professor of computer science and engineering at the University of Michigan, said that the U.S. government should establish an independent body to test the security of IoT devices. That's perhaps a better idea than Barton’s, but again it’s still not clear how it would work in practice.

For now, then, consumers continue to buy hardware and connect it to the Internet with little idea of how secure the device is, other than some vague notion of trust. There may be a better way, of course, but it’s yet to present itself.

(Read more: The Guardian, “Security Experts Warn Congress That the Internet of Things Could Kill People,” “10 Breakthrough Technologies: Botnets of Things,” “The Internet of Things Goes Rogue”)

Keep Reading

Most Popular

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.