Consumers are still unaware that modern home devices, including fridges, kettles and lightbulbs, leave them vulnerable to cybercrime, according to a leading UK police officer. Known as internet of things (IoT) products, experts say hackers can exploit them to infiltrate home networks.
Durham chief constable Mike Barton, who leads the National Police Chiefs Council on crime operations, believes that such products should now come with a cybersecurity rating alongside the more traditional energy evaluations at point-of-sale in shops and retailors.
"It's not just how many yoghurts you are eating that is at risk, it's that your internet of things are all plugged into the same network. That is a back door into your network," Barton warned.
The spike in the number and variety of internet-connected devices currently being rushed-to-market has cybersecurity experts concerned.
Despite trepidation, major consultancy firms including Gartner have forecast that by 2020 there will be billions of connected devices in use around the world.
"You've got a situation where we don't know what the security is like in the devices we are buying in the internet of things," Barton said, according to The Telegraph. "It's just not reported. And yet that is the most significant component of what it is you are buying.
"The fact it's digitally enabled is why you are buying it, so why if it's digitally enabled are we not assessing that device on its internet security? Whenever you go into a store now you see fridges and it's A down to F in terms of its energy efficiency. Where are the security ratings?"
There have been a number of major cybersecurity incidents directly blamed on IoT devices, including the so-called "Mirai" outbreak, a botnet which enslaved products to launch cyberattacks. Experts have warned that everything from children's toys to sex toys can now be hacked.
"We are in the foothills [and] it is easier now to create something like this than it will be in 10 years' time when there would be tens of millions of products," Barton stressed. "I don't want to look back and be accused of not actually waving a flag to say we should be doing more."
Bruce Schneier, a world-famous infosec guru, warned in a keynote earlier this year that the sharp surge in IoT products – which often shun security protections – will have severe consequences.
"The internet now senses, thinks and acts," Schneier said in early June. "That is the classic definition of a robot. To me, the correct way to think about the internet of things, and the internet in general, is that we are building a world-sized robot without even realising it.
"I think regulation is coming in a big way," he continued. "There is a worry that regulation can stifle innovation but I think if you look at the history that's not the case. The industry always ends up adapting and we are going to have to because governments will get involved regardless.
"The risks are too great and the stakes are too high."