UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages?

Blythe, JM; Sombatruang, N; Johnson, SD; (2019) What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages? Journal of Cybersecurity , 5 (1) , Article tyz005. 10.1093/cybsec/tyz005. Green open access

[thumbnail of What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages.pdf]
Preview
Text
What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages.pdf - Published version

Download (196kB) | Preview

Abstract

Through the enhanced connectivity of physical devices, the Internet of Things (IoT) brings improved efficiency to the lives of consumers when on-the-go and in the home. However, it also introduces new potential security threats and risks. These include threats that range from the direct hacking of devices that could undermine the security, privacy and safety of its users, to the enslaving of IoT devices to commit cybercrime at scale, such as Denial of Service attacks. The IoT is recognized as being widely insecure, in large part, due to the lack of security features built into devices. Additionally, consumers do not always actively use security features when available. More disconcerting is that we lack market surveillance on whether manufacturers ship products with good security features or how the importance of user-controlled security features is explained to IoT users. Our study seeks to address this gap. To do this, we compiled a database of 270 consumer IoT devices produced by 220 different manufacturers on sale at the time of the study. The user manuals and associated support pages for these devices were then analysed to provide a ‘consumer eye’ view of the security features they provide and the cyber hygiene advice that is communicated to users. The security features identified were then mapped to the UK Government’s Secure by Design Code of Practice for IoT devices to examine the extent to which devices currently on the market appear to conform to it. Our findings suggest that manufacturers provide too little publicly available information about the security features of their devices, which makes market surveillance challenging and provides consumers with little information about the security of devices prior to their purchase. On average, there was discussion of around four security features, with account management and software updates being the most frequently mentioned. Advice to consumers on cyber hygiene was rarely provided. Finally, we found a lack of standardization in the communication of security-related information for IoT devices among our sample. We argue for government intervention in this space to provide assurances around device security, whether this is provided in a centralized or decentralized manner.

Type: Article
Title: What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages?
Open access status: An open access version is available from UCL Discovery
DOI: 10.1093/cybsec/tyz005
Publisher version: https://doi.org/10.1093/cybsec/tyz005
Language: English
Additional information: This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted reuse, distribution, and reproduction in any medium, provided the original work is properly cited.
Keywords: Internet of Things; IoT security; consumer IoT
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery.ucl.ac.uk/id/eprint/10079499
Downloads since deposit
78Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item