Smart home cybersecurity guidelines issued in Australia to prevent virtual break-ins

Australia has new guidelines for smart home devices in a bid to make them less susceptible to hacking. But there are fears they don’t go far enough.

Smart fridges, doorbells, televisions, garage doors and even locks have been recognised as a major cybersecurity threat in Australia with the release of a new code of practice designed to ensure Australians can use them “without falling victim to cyber criminals”.

But computer security experts warn the 13-part voluntary code may not be enough to prevent widespread security dangers as the worst offenders will not be forced to change their ways under the code, and Australia still has a way to go to catch up to progress in other countries.

Home Affairs Minister Peter Dutton and Defence Minister Linda Reynolds released the code of practice on Thursday, meeting one of the requirements of the Federal Government’s new 2020 Cyber Security Strategy.

Ms Reynolds said the code’s 13 recommendations for smart home device makers were designed to protect consumers from hidden risks.

A security vulnerability was discovered in the Ring Doorbell Pro that has since been patched.

“Boosting the security and integrity of internet-connected devices is critical to ensuring that the benefits and conveniences they provide can be enjoyed without falling victim to cyber criminals,” she said.

The Securing the Internet of Things for Consumers report estimated more than 21 billion internet-connected devices would be installed in homes worldwide by 2030, with other forecasts as high as 64 billion, creating an urgent need for “cybersecurity provisions that defend against potential threats and malicious cyber activity”.

The code’s top three priorities for device makers include ditching default passwords that could be easily hacked, issuing regular security software updates automatically, and disclosing security problems when they occur.

The code said manufacturers should also accept warnings from the public about problems and introduce “a bug bounty program (that) encourages and rewards the cybersecurity community for identifying and reporting vulnerabilities”.

Recent smart home hacks have included internet-connected baby monitors, doorbells, printers, and garage door controls.

Despite threats detailed in the report, Australia’s code will be voluntary — described as “encouraged but optional” — for device makers, which Okta cybersecurity executive director and “white hat hacker” Marc Rogers said would not guarantee “the impact we all hoped it would have”.

The new guidelines for Internet of Things devices in Australia will cover everything from smart TVs to smart speakers.

Mr Rogers, who recently gained unauthorised access to 10 out of 12 smart home devices during a three-day hackathon, said this type of consumer technology posed real risks to both consumers and national security if not designed safely and updated regularly.

“In places like China, these devices are made very cheaply, they have default passwords you can’t change, and sometimes the code is five or six years old before the device even hits the marketplace,” he said.

“It should not be the users’ responsibility to make sure these things remain secure. Manufacturers should ensure these devices are secure by design.”

Mr Rogers said Australia’s voluntary code followed similar guidelines in Britain, where the government had now proposed to make them mandatory for all smart home devices sold in the country.

Mimecast principal technical consultant Garrett O’Hara said the new guidelines for both countries were “a step in the right direction” for a growing area within the market that was essentially lawless and riddled with risk.

“It’s a wild west,” he said. “There is no global tick or seal of approval for these devices … or standards like we have for other products sold in this country. We don’t have consumer rights or law to protect buyers. The market is driven entirely by price, not what’s best for Australian citizens.”

Mr O’Hara said Australians looking to buy any connected gadget, from a connected toaster to a smart coffee warmer, should look beyond the fun aspect of it and consider whether it would come with security protections.

And Mr Rogers said consumers should carefully consider a brand’s reputation and, if they had suffered a security problem in the past, how they had reacted to it.

“Sometimes (having been hacked) makes them a better company,” he said.

SMART HOME DEVICES THAT HAVE BEEN HACKED:

Philips Hue Lightbulbs

Ring Video Doorbell

Google Chromecast

Samsung smart fridges (early models)

LG SmartThinQ washing machines

Chamberlain MyQ Hub garage door openers

McLear NFC Ring smart door locks

HP Printers

iBaby Monitor M6S

Orvibo Smart Home devices

Originally published as Smart home cybersecurity guidelines issued in Australia to prevent virtual break-ins

Original URL: https://www.themercury.com.au/technology/smart-home-cybersecurity-guidelines-issued-in-australia-to-prevent-virtual-breakins/news-story/b684df1a5cc3ec42fd2d94a18abdf94b