New internet of things security code aims to stamp out Mirai and other threats

We’ve seen the chaos that the Mirai botnet can cause – not to mention the potential havoc that related variants could wreak – but the good news is that the UK government is making moves to shore up internet of things security against such threats.

The government has just published the ‘Secure by Design’ policy paper which contains a draft code of practice for consumer IoT products and services, as pointed out by David Rogers, the author of that draft code (in conjunction with other organisations like the ICO).

As the government states, the broad idea is as follows: “This report advocates a fundamental shift in approach: moving the burden away from consumers having to secure their devices and instead ensuring strong security is built into consumer ‘internet of things’ (IoT) products by design.”

Specifically, the draft code calls for manufacturers to be held to certain basic IoT security standards, outlining 13 steps to improve security, with three central measures given priority. That trio includes changing the practice of leaving default passwords in place – which is obviously a major security risk – as well as keeping software updated with security fixes, and giving security researchers a way to disclose vulnerabilities they have found.

Security bar

Rogers observed: “We can either have a lowest common denominator approach to security or we can say ‘this is the bar and you must at least have these basics in place’.

“In 2018 it just simply isn’t acceptable to have things like default passwords and open ports. This is how stuff like Mirai happens. The guidance addresses those issues and had it been in place, the huge impact of Mirai would simply not have occurred.”

As the internet of things continues its explosive expansion and more connected devices proliferate, there are certainly obvious reasons why a system ensuring tighter overall security needs to be put in place.

The policy paper and draft code therein are just a first step for now, with the government expecting to receive feedback from the tech industry at large, as well as academic institutions and international bodies. That will all be taken on board as the proposal is developed further.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).
