Trading standards and the danger of connected devices In this feature | NTS Consumer harm report | Internet of Things | smart technology Connect and regret? Its an emerging threat our love of connected devices offers scammers more chances to access our data. Will it fall to trading standards to keep consumers safe? Louise Parfitt reports B lack Friday, Cyber Monday, bustling high street Saturdays: its that frantic time of year when people are busy buying toys, tellies, toasters (and Tramadol.) in the run-up to Christmas. What all the above have in common except the painkillers is that they are becoming part of the smart generation of devices that create a home network, where people can organise their lives at the tap of an app or by verbal command. These devices are all part of that intangible, yet increasingly popular, technology, the Internet of Things (IoT). But, in this brave new world of technological wizardry, have manufacturers, regulators and enforcers forgotten the inherent dangers posed by putting all our personal data into a hackable, wireless network, where data security problems and cyber crime are already rife? Mike Andrews, national coordinator of the National Trading Standards eCrime Team, believes we have not yet begun to see the consumer fallout from scammers accessing these devices, but that they have the potential to become a huge problem and possibly another burden to be borne by trading standards. the Internet of things The IoT is already encompassing more and more areas of our daily lives, with home butlers such as Amazon Echo (Alexa) and Google Home, which can order the weekly grocery shop while belting out your favourite tunes; central heating thermostats you can alter from work; and smart locks that enable parcels to be delivered even when youre not at home. Even kitchen appliances are getting smarter: connected kettles and mobile apps mean you can now boil the water for your morning cuppa from the comfort of your bed. And it seems that plenty of customers are embracing this smart revolution. Amazon reports that its Echo Dot was the best-selling product globally on Prime Day (11 July) this year. But when consumers connect their new home assistant, few appear to consider who else might be talking to her, too and what information they might be gleaning. Consumer harm National Trading Standards (NTS) recent Consumer Harm report highlighted the dangers hidden behind this rise in smart technology, saying the increased use of connected devices in peoples homes could lead to new opportunities for criminals, with the threats likely to come from viruses and data protection issues. Although no specific consumer reports have directly come to the attention of the NTS eCrime team, you dont have to look far to see how quickly scammers can infiltrate professional organisations systems. In the past year, there have been cyber attacks on organisations like the NHS and Uber. According to cyber security company Darktraces 2017 Global Threat report: The proliferation of new, connected objects multiplies the inroads to critical networks and data, yet organisations often have remarkably poor visibility of CONSumER HaRm REpORt these hidden outposts of their networks. If the likes of the National Trading Standards (NTS) published its third annual Consumer Harm report last NHS and Uber can be successfully month, showing how the work of its teams had infiltrated, what chance does the prevented nearly 127m in losses to consumers average consumer have? and businesses in the past year taking the Connected devices When consumers connect their new home assistant, they are not considering who else might be talking to her, too total losses prevented by NTS over the past three years to 471m. Problems with the security of connected devices have become more prevalent Figures from the report also show that NTS recently with the rise in popularity of secured 104 criminal convictions last year, items such as thermostats, home leading to 174 years in prison sentences being assistants and kitchen appliances, which handed down. This represents a record number often come set with default manufacturer of convictions secured in a single year. passwords and security. Andrews says scammers can use these The report also identified a number of emerging items as an access point into someones threats, including: the increasing sophistication home network and all theother devices of doorstep criminals; growth in the use of social connected to it. Themoreaccess points, media to sell counterfeit goods; new tactics used the more vulnerablea consumer is to by criminals in mass marketing scams; and the having theirsystem hacked. rise in unofficial websites in the secondary ticket Consumers are fairly knowledgeable market, pushing up prices to extortionate levels. about ensuring their computers have the latest anti-virus software and are In 2016/17: password protected, but they do not 1.6m was confiscated from criminals necessarily think about the security as a result of work by NTS regional settings on for example a connected investigations teams kettle, Andrews says. On some devices, 3m was seized from illegal money lenders you may not even be able to change the 23m in consumer loss was saved by the NTS settings. If it becomes known that the Scams Team latest internet kettle made by a certain 2.5 million unsafe or non-compliant items brand has a default security setting, then were prevented from entering the UK by the a fraudster potentially has got a way into Safety at Ports and Borders Teams your home network, and from there your 1m of potential fraud was uncovered by the personal data. eCrime team Even seemingly innocuous items such as toys pose risks. In a recent Which? test into popular Bluetooth and Wi-Fi connected toys, four out of the seven toys tested didnt need a password, PIN code or any other authentication to get access, which could allow a stranger to talk to a child by allowing them to send messages through the toy. It will become a much bigger issue in the future, because the more connected devices we get, the more problems well see, says Andrews. Often, the unsuspecting consumer will not even be aware that their home network has been compromised until: they find their bank account has been cleared out by a fraudster; they receive a letter about a loan falsely taken out in their name after their identity has been stolen by a hacker; or they get ransomware demands on their computer. Even then, without a technical investigation, a consumer may be unaware where the chink in their security lies. Remits and responsibilities Currently, there is still debate over whether this issue will eventually become a trading standards responsibility, according to Andrews. Onone hand, he says there is the consumer protection element, which clearly falls within the trading standards remit. But then, issues involving hacking and ransomware traditionally fall to the police. Who will have the lead role in terms of making sure consumers are adequately protected in that regard falls into a grey area, Andrews says. As more and more of these devices are produced, and they become more commonplace for consumers [and problems come to light] I think that is when it will up the ante in terms of who is going to deal with these issues. Of course, consumers will have to take some responsibility for ensuring their systems are secure, but we are all guilty of disregarding user manuals, especially if they are long and onerous, or require us to go online to download them. But, if a device has a security setting that cannot be changed, or the manufacturer has not given clear, accessible instructions on how to change it, could some of the culpability rest with them? There is definitely more manufacturers can try to do to make sure consumers are aware of the risks, Andrews believes. They need to make the information clearer and make it easier for consumers to be able to adjust the settings on devices so they are not saddled with the default security or password settings. At the moment, this information tends to be an after-thought. Future focus Ultimately though, Andrews believes trading standards will have a part to play in raising consumer awareness, explaining that an element of risk comes with using this technology, which people need to consider when they buy a smart device. Meanwhile, the eCrime team is continuing to monitor the situation. At this stage, it is an emerging threat, he says. We will certainly be keeping a watchful eye on it, and it may be something that in the next year we carry out some focused work on in terms of research, and identifying with manufacturers where potential problems might lie. Credits Louise Parfitt is a writer for TS Today. Images: Martin Cook To share this page, in the toolbar click on You might also like The butterfly effect November 2017