Israel issues cyber-security IoT consumer disclosure guidance for public consultation
Israel has released consumer disclosure guidance on IoT cybersecurity for public feedback. Consumers are to be informed about the potential for cyber-attacks, changing passwords, security update timelines, and installation procedures. Lack of password change options or expected updates indicates a faulty or low-quality product. Disclosure must happen before and during the transaction, presented clearly and prominently.
Israel’s Consumer Protection and Fair-Trade Authority and Israel National Cyber Directorate issue cyber-security IoT consumer disclosure guidance for public consultation. According to the guidance, the consumers must be informed whether the IoT product they plan to purchase can be exploited for a cyber-attack. Furthermore, the guide details that consumers must be informed of the following: (1) how to change the initial password and instruct them to do so, (2) the duration in which the manufacturer is expected to publish security updates, and (3) how to install security updates. In cases where there isn’t an option to change the password, or there aren’t any expected security updates, the consumers must be informed that the product is either faulty or low-quality. Consumer disclosure must occur before and during the transaction, and the information must be presented clearly and prominently.