The past weeks have seen an explosion of talks about consumer privacy, particularly in the field of smart home technology. After a string of Nest camera hacks, consumer groups began to put plans in action to prevent further incidents from happening — and in the process, found just how dire the state of smart home security is. Although multiple requests have been made to manufacturers to strengthen their digital security, few have followed through or implemented helpful plans. In turn, privacy advocates have turned to a different tactic: shaming retailers that sell insecure devices.
Eleven different groups including the Mozilla Foundation, the Center for Democracy and Technology, and The Internet Society posted a “Dear Retailer” letter on February 12 titled, “This Valentine’s Day all we want is products that meet minimum security standards.” When polite requests don’t work, perhaps public shaming is the way to go.
Four companies were called out in the letter: Amazon, Target, Walmart, and Best Buy. The opening text makes the intent of the letter clear: “The advent of new connected consumer products offers many benefits. … there are also serious concerns regarding standards of privacy and security with these products. These require urgent attention if we are to maintain consumer trust in this market.”
The letter goes on to mention how predictions expect 10 billion active Internet of Things products by 2020 and that all of these should meet high standards of security, but if that isn’t possible, then “minimum requirements” must be met. The letter outlines five criteria that make a device secure enough: Encrypted communications, security updates, strong passwords, vulnerability management, and privacy practices.
The problem ultimately lies in the fact that there is no single regulating body for IoT security. Until more strict guidelines are introduced and enforced, consumers will have no guarantee of privacy or security. One solution is to use unofficial databases like Privacy Not Included, a service that scores smart home devices against minimum security guidelines. Of the 87 products in the database, only 42 met the minimum criteria. The good news is that Google Home, Amazon Alexa, and Philips Hue were among those products.
Until better security is guaranteed, customers should make sure they use security best practices: Strong passwords, secure email addresses, and a careful approach to any activity that may create a vulnerability in your home network.
