Stickers emerge as EU's weapon against dud IoT security

The European Commission is readying a push to get companies to produce labels that reveal the security baked into internet-of-things things.

The labelling effort is part of a broader push to drive companies to better handle security controls and privacy data in the notoriously insecure and leaky devices.

Deputy head of cabinet Thibault Kleiner told Euractiv the Commission may push companies to develop labelling for secure internet-of-things devices.

The stickers plan is modelled on labels applied to white goods and other domestic appliances, as consumers apparently understand this kind of labelling.

The Commission will have a mammoth task ahead of it because internet of things things are notoriously insecure. The world's sloppiest security appears time and again inside things, with flaws like missing and default passwords common while web servers are often left in parlous states that allow remote code execution and worse.

The risk posed by sloppily-secured things was demonstrated neatly by a recent DDoS attack, rated the world's largest to date, which emerged from a large internet of things botnet.

By the time the EC gets its stickers sorted, millions of badly-secured devices will already be in circulation. Perhaps an effort to explain firmware upgrades to lay-people is also needed. ®