Australia Just Implemented A Voluntary Code For Home Devices To Combat Cyber Spies

What if your handy, helpful home device was putting your family in danger? Australia has responded with a ‘voluntary code’ for companies to implement.

Photo Credit: Beyond Infinity

Amazon’s first home device Alexa was launched in November 2014 and has since become a household staple. As a virtual assistant, it’s voice controlled and responds to a variety of commands. Besides being able to play music on demand, it can also read aloud various news articles and headlines, order things online, tell you the weather, and if you have the appropriate home devices, turn on and off lights, power and electronic switches.

Its handiness however, does not come without its faults. In the last five years, with the emergence of newer, different home devices, a growing concern revolving around cyber crime and safety has been brought to the forefront.

Research conducted by the Berlin based company Security Research Labs explains that at home devices can act as “smart spies” and allow “third-party developers access to user inputs” which puts homes at risk of stalking, hacking and identity theft.

The labs found they could “compromise the data privacy of users” by requesting and collecting “personal data including user passwords” and “eavesdrop on users after they believed the smart speaker had stopped listening.”

Australia’s response to such concerns has resulted in Tuesday’s Home Affairs Industry Summit in Melbourne. Its launch for the 2020 Cyber Security Strategy is in combination with Peter Dutton’s unveiling of a voluntary code that was developed alongside Australian Cyber Security Centre called the “Internet of Things Code of Practice.”

The code requests that companies like Amazon adopt it by developing a “vulnerability disclosure policy.” This policy attempts to ensure the safety and security of Australians who have at home electronic devices like Amazon’s Alexa and Google’s Google Home. If Australia implements a protective industry code, it will join Britain in its attempt to crack down on cyber crime. 

Cyber crime is rapidly increasing in Australia, especially with the development of new technologies. Dutton’s code could help to alleviate its consequences. On Tuesday, he said that “the threat from foreign interference is at an unacceptably high level.”

According to the Sydney Morning Herald: “A report released in August by research firm Security in Depth found reported cyber attacks against Australian businesses had increased more than 700 percent since February last year, costing the nation $7.8 billion.”

The Draft Code of Practice has 13 principles:

  1. No duplicated default or weak passwords
  2. Implement a vulnerability disclosure policy
  3. Keep software securely updated
  4. Securely store credentials and security-sensitivity data
  5. Ensure that personal data is protected
  6. Minimise exposed attack surfaces
  7. Ensure communication security
  8. Ensure software integrity
  9. Make systems resilient to outages
  10. Monitor system telemetry data
  11. Make it easy for consumers to delete personal data
  12. Make installation and maintenance of devices easy
  13. Validate input data

Whilst the code is important, it is only voluntary, and its effectiveness is not guaranteed. Companies like Amazon and Google Home can choose to ignore Dutton’s request, but even if they do implement the code, it is not guaranteed to create a barrier against cyber crime, especially with its advancement in the 21st century.

Would you reconsider owning a Google Home or Alexa device if you knew that people could hack in and listen to your conversations? Let us know in the comments down below!