Home Cyberattacks: Police May Knock

If a cyberattack originates from your home—even if you didn’t cause it—the police could knock on your door. Because the IP address is yours. And it could end badly.

All of this happens because we have internet-connected devices at home that never update. They can be turned into digital weapons: refrigerators, cameras, printers, thermostats, smart bulbs—all potential digital zombies used by hackers to attack websites, companies, and governments without us even knowing.

The good news is that a new European law is on the way. It’s called the Cyber Resilience Act. It will require anyone selling these products in Europe to provide security updates for at least five years, with hefty fines of up to 15 million euros. The initial measures will start in 2025, but everything will be mandatory by 2027.

But note: this law applies only to products sold within the European Union. If you buy directly from a Chinese website, the law doesn’t apply. Customs won’t check if that product offers updates—there’s no universal label or certificate to verify it quickly. So, we keep importing risky devices, often without even realizing it.

Right now, it’s like the Wild West. An ENISA investigation found that 45% of IoT devices sold in Europe in 2023 received no updates at all, leaving open doors into our home networks. Hackers know this; they automatically scan for vulnerabilities and break in when they find one.

The most notorious case is Mirai, malware that infected millions of cameras and routers worldwide. Just a few clicks were enough to turn them into a massive digital weapon, shutting down part of the Internet, including some very famous websites.

And the damage isn’t just technical. If an attack originates from your home, even if the culprit is a compromised printer, you’re the one who ends up having to answer for it. Explaining that it was the refrigerator’s fault isn’t that simple. Meanwhile, serious problems, even legal ones, are at stake.

In the meantime, watch what you buy. Avoid super-cheap or unknown smart devices, especially if they don’t clearly state whether and how they’ll be updated. Treat them as what they are: connected computers. They need to be updated, protected, and managed. Because if we don’t take care of them, someone else will, and it won’t be for our benefit.
