The Government Has Released Guidelines So Your Smart Fridge Doesn’t Get Hacked Again

Image: iStock / metamorworks

One of the cool things about technology is the way it can expand the capabilities every day objects. That’s how we get ‘smart devices’ — also known as the Internet Of Things (IoT) devices — that can talk to each other like smart fridges or televisions. You know what’s less cool? When your smart fridge gets hacked.

That’s why the Australian government has released its first ever set rules for IoT devices. While voluntary, the Code Of Practice: Securing the Internet Of Things For Consumers is supposed to set the standard for device makers. The Code of Practice is one part of the Government’s 2020 Cyber Security Strategy.

Federal Minister for Home Affairs Peter Dutton emphasised the need for secure devices in our homes.

“Internet-connected devices are increasingly part of Australian homes and businesses and many of these devices have poor security features that expose owners to compromise,” Mr Dutton said in a statement.

“Australians should be considering security features when purchasing these devices to protect themselves against unsolicited access by cybercriminals.”

What does the IoT guide say?

The IoT code of practice has 13 principles. These range from protecting personal data by complying with the Privacy Act, to ensuring communication security by encrypting messages (although not like that’s going to stop people from reading them in Australia).

But out of all the principles, the government recommends that device makers prioritise the top three. Those are:

  1. No standard or weak passwords.
  2. Have a way for people to report vulnerabilities in the device’s software.
  3. Keep updating software.

It’s not exactly rocket science, right? But despite the low height of the bar, IoT device makers seem to rarely meet it. Companies seem to pull support for devices at random, while pesky hackers seem to find their way into many IoT devices (like, say, a buttplug).

And while this is voluntary, the government hopes that consumers will look to see whether an IoT device is complying with these rules.

Will that work? Will Uncle Gerard look to see if his smart TV meets all 13 principles before buying it? Will this protect my wifi-enabled lightbulb from Albanian hackers? It’s impossible to know for sure. But at least it’s something, right?