“In the document, BITAG warned that ‘the nature of consumer IoT is unique because it can involve non-technical or uninterested consumers; challenging device discovery and inventory on consumer home networks,’ adding that IoT devices can be hijacked to create ‘Distributed Denial of Service (DDoS) attacks, perform surveillance and monitoring, gain unauthorized access or control, induce device or system failures, and disturb or harass authorized users or device owners.’”
“To avoid such exploits, BITAG makes a number of recommendations for manufacturers, including:
Shipping products with up-to-date software
Including a mechanism for automated and secure software updates
Providing ‘Strong authentication’, such as password protection, by default
Conducting security tests on a number of configurations
Following security and cryptography best practices
Ensuring devices remain functional even if the cloud back-end fails”
Source: Google, Microsoft and others create guidelines for improving IoT security | AndroidAuthority