NIST publishes home IoT report for public consultation
The US National Institute of Standards and Technology (NIST) published a draft report titled ‘NISTIR 8267 – Security Review of Consumer Home Internet of Things (IoT) Products” for public consultation. The report includes a technical review of the security features of home IoT devices (such as smart light bulbs, security lights, security cameras, doorbells, plugs, thermostats, and televisions), in order to better understand their security capabilities. Based on the findings, the report provides a list of recommendations for manufacturers: (a) Requiring users to create strong application passwords, upon initial configuration. (b) Using certificates to help mitigate man-in-the-middle attacks.(c) Preventing access to device’s unused physical and logical access ports. (d) Developing processes for device software updates and notifying users in a timely manner. The report is based on previous research done by NIST on IoTs, including draft NISTIR 8259, Core Cybersecurity Feature Baseline for Securable IoT Devices, and NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risk. The deadline for public comments is 1 November 2019.