07.04.2025

Updated Radio Equipment Directive Bring Major Changes for Smart Device Security

In August 2025, the updated EU Radio Equipment Directive (RED) will enter into force. The directive brings stricter information security requirements for manufacturers, importers and distributors of wireless smart devices. The update is due to the explosive growth of smart devices and the new information security threats they create, which do not only extend to individual products.

Essentially, the updated directive is about ensuring that smart devices do not damage data networks or other devices connected to the network. For example, in autumn 2024, Nordea faced major denial-of-service attacks. These attacks used hijacked devices from people’s home networks as part of a botnet.

Iikka Taanila, a cyber security expert from Huld, says that raports of such attacks are increasing. They often target poorly protected smart home devices like surveillance cameras, routers, or washing machines

Smart Device Risks – What Has Changed?

Taanila explains that cybercriminals have increasingly been using smart devices for denial-of-service attacks, a trend that’s growing due to people’s desire for comfort. More and more smart devices are being used in homes to make daily life easier.

“For example, having a cleaning robot that keeps your kitchen floor clean every day is great. But if there’s even one vulnerable device in your smart home, you could unknowingly become part of a botnet, which could, in the worst case, disrupt important services like online banking,” says Taanila.

Taanila also notes that the risks of smart devices go beyond denial-of-service attacks. Poorly secured devices, like home security cameras, can expose your daily life to cybercriminals. This information could potentially be used to break into your home.

Iikka Taanila emphasizes that the purpose of the updated directive is to strengthen the security of smart devices and data networks.

Vulnerabilities Pose Threats to Companies

In addition to households, companies are also increasingly using smart devices. According to Taanila, access to the company’s business-critical systems is a much greater threat than a denial-of-service attack. For example, in 2017, a vulnerability was discovered in a smart aquarium in a Las Vegas casino. It allowed hackers to gain access to the company’s network and steal a significant amount of customer data.

“Many devices are designed for quick and easy use, but not enough effort is always made to ensure their long-term safety. There are unfortunate examples on the market where a smart device manufacturer has stopped software updates within a few years of the product launch, even though the device may have a ten-year lifespan,” Taanila comments.

Updated Regulations Bring Significant Security Improvements

The updated Radio Equipment Directive, effective in August, will strengthen information security requirements for wireless smart devices and increase manufacturer responsibility. In the future, devices like home surveillance cameras, cleaning robots, and industrial wireless measuring tools must follow strict security standards. This includes risk assessments, security testing, and considering information security throughout the product’s life cycle.

“As a result, consumers and businesses won’t have to guess if a smart device meets top security standards. Only devices that meet these requirements will be allowed in the EU market,” says Taanila.

Information Security Is a Shared Responsibility

The security of smart devices is not only up to manufacturers. Consumers and businesses, including system administrators, must also ensure devices are kept up to date. Without regular software and security updates, devices become vulnerable to cyberattacks.

“A smart device bought six months ago may have a vulnerability that hackers can exploit if the necessary update hasn’t been installed,” Taanila warns.

He emphasizes that security updates aren’t just recommendations – they are essential. Updates protect against attacks and ensure device security. If not installed, the risk extends beyond the device itself, putting your environment, company, and customers at risk of cyber threats.

“Fortunately, some manufacturers have already made devices that update automatically without user action,” he adds.

However, no information security is completely flawless. Security experts keep on working hard to protect devices, as criminals continually find new ways to breach protections.

“I believe that new information security regulations will lead to more secure devices, making networks more reliable. As consumers become more aware of information security, everyday life and the use of smart devices will become even safer,” says Taanila.