JNE Security’s MINDER doorbell camera achieves Secure Connected Device accreditation

The new MINDER HD doorbell camera is the ideal product to assist with the reduction of doorstep crime. When the doorbell button is pushed it gives the option to view and speak to the caller from any location, without opening the door.  In addition, if the doorbell is not answered the caller is given the option to record a 10 second video message.  

The doorbell is fitted with a motion detector that will record any human movement approaching the front or back entrance door, with the footage saved onto the SD card which can be played back at a future date, with a smartphone notification too. A cloud subscription is not required. 

Ken Povey Managing Director of JNE Security Ltd said: “The MINDER HD video doorbell camera is cyber and data secure having successfully passed Level 1 and level 2 IoT cyber assurance. For full product information please log on to our new JNE Security website www.jnesecuritytrade.co.uk.”

Hazel Goss, Secured by Design, said: “I am delighted that JNE Security’s MINDER doorbell camera has achieved the SBD Secure Connected Device accreditation, having met the required standard for both its physical and cyber security attributes. 

“The government mandated compliance with the Product Security and Telecommunications Infrastructure Act 2022 by 29th April 2024 so it is critical that businesses who produce or supply IoT connected products ensure that they are sighted on this law and have taken the appropriate steps to ensure that they are compliant with its requirements.  

“Obtaining the Secure Connected Device accreditation will build confidence and trust in JNE Security’s MINDER doorbell camera and I hope that other companies within the industry and beyond will take note of this achievement and follow in their footsteps.” 

Find out more about JNE Security’s extensive range of SBD accredited products here. 

Securing the Internet of Things 

The Secured by Design Secure Connected Device accreditation scheme, developed in consultation with the Department for Science, Innovation and Technology (DSIT), is leading the way when it comes to securing Internet of Things products available to consumers in the UK. 

The Internet of Things (IoT), which collectively refers to any electronic smart device equipped with sensors and internet connectivity that can action, collect, store and share data, has seen a proliferation of IoT devices over recent years, with IoT devices everywhere. They can be almost anything, from light bulbs and energy monitors to door locks, alarm systems, kitchen appliances, pet cameras and smartphones. 

Whilst these consumer connectable products offer huge benefits for people and businesses to live better connected lives with a lower carbon footprint, the adoption of cyber security requirements within these products is poor. Consumers overwhelmingly assume that these products are secure, however, whilst connectable consumer products have previously had to comply with existing regulation to ensure that they will not directly cause physical harm from issues such as overheating, environmental damage or electrical interference, they have not until very recently been regulated to protect consumers from cyber harm such as loss of privacy and personal data. 

To close this regulatory gap and to address the issue of insecure technology, the government drew up the Product Security and Telecommunications Infrastructure Act 2022, which was enacted into law in December 2022.  Businesses were then given a grace period with which to become compliant with the Act, with compliance required by the 29th of April 2024. 

The Act requires manufacturers, importers and distributors to ensure that minimum security requirements are met in relation to connectable products that are available to consumers in the UK and provides a robust regulatory framework that can adapt and remain effective in the face of rapid technological advancement, the evolving techniques employed by malicious actors, and the broader international regulatory landscape. 

So why is this law so critical? 

Criminals are aware of the weakness within insecure technology and have been exploiting the vulnerabilities in these devices. 

In 2021 the consumer magazine Which? undertook a study to look at how a smart home could be at risk from hackers, setting up their own smart home. This detected more than 12,000 scanning or hacking attempts in a single week. Without the appropriate levels of security, any internet connected device or app is at risk of being readable, recognisable, locatable, and/or controllable via the internet, thus providing cyber criminals with the ‘key’ in accessing and stealing personal data. This can then be used for a multitude of criminal purposes, including burglary, theft, blackmail, harassment and stalking.

In April 2023, UK Security Minister Tom Tugendhat revealed that cyber hacked businesses each ended up £15,000 out of pocket, telling the CYBERUK Conference: “A quick look at the basic figures is enough to bring home the scale and severity of the issue we face. 

“New findings released just yesterday from the Cyber Security Breaches Survey show that 32% of businesses experienced at least one cyber breach in the last 12 months.  This year, for the first time, the survey also tells us how many of these breaches resulted in a cybercrime being committed”. He said sight must not be lost that there is a human victim behind each figure, adding “Each is a grandparent defrauded, and stripped of their savings. Each is a small business held to ransom, and jobs lost”. 

What does the law cover?

The Product Security and Telecommunications Infrastructure Act applies to all consumer IoT products, including but not limited to:

• connected safety-relevant products such as door locks
• connected home automation and alarm systems
• Internet of Things base stations and hubs to which multiple devices connect
• smart home assistants
• smartphones
• smoke detectors
• connected cameras
• connected fridges, washers, freezers, coffee machines

 What does the law require?  

These minimum security requirements contained within the law are based on the UK’s Code of Practice for Consumer IoT security, the leading global standard for consumer IoT security ETSI EN 303 645, and on advice from the UK’s technical authority for cyber threats, the National Cyber Security Centre. 

The regime will also ensure other businesses in the supply chains of these products play their role in preventing insecure consumer products from being sold to UK consumers and businesses.

What are the penalties for not complying with the law? 

The robust regulatory framework within the law contains an enforcement regime with civil and criminal sanctions aimed at preventing insecure products being made available on the UK market within it. This enforcement regime enables the government to take a range of actions against companies that are not compliant with the law. This includes: 

• Enforcement Notices: Compliance notices, Stop notices and Recall notices 
• Monetary penalties: the greater of £10 million or 4% of the company’s qualifying worldwide revenue 
• Forfeiture: of stock which is in the possession or control of any manufacturer, importer or distributor of the products, or an authorised representative

How SBD’s Secure Connected Device is leading the way 

SBD’s Secure Connected Device accreditation scheme, helps companies to get their products appropriately assessed against all 13 provisions of the ETSI EN 303 645 standard, a requirement that goes beyond the Government’s legislation so that companies can not only demonstrate their compliance with the legislation but help protect themselves, their products and customers. 

The SBD Secure Connected Device IoT Assessment identifies the level of risk associated with an IoT device and its ecosystem, providing recommendations on the appropriate certification routes with one of the SBD approved certification bodies. Once third-party testing and independent certification for a product has been achieved, the company can apply to become SBD members, with the product receiving the SBD’s Secure Connected Device accreditation, a unique and recognisable accreditation that will highlight products as having achieved the relevant IoT standards and certification. 

It is an SBD membership requirement for any IoT connected product or service to have achieved the SBD ‘Secure Connected Device’ accreditation.

Compliance with the Secure Connected Device accreditation also sends a clear message to the wider industry of the importance of IoT security and companies accredited to this SBD standard will lead by example and be at the forefront of the IoT revolution and in doing so will help to keep their customers and the public safer from the risk of a cyber breach. 

The Secure Connected Device accreditation is the only way for companies to obtain police recognition for the security of their IoT products in the UK. 

To start the SBD Secure Connected Device accreditation process or find out more, visit www.securedbydesign.com/IoT