Reuters has revealed that Consumer Reports, an influential U.S. non-profit group that conducts extensive reviews of cars, kitchen appliances and other goods, is gearing up to consider cyber security and privacy safeguards when scoring products in future.
A recent announcement from Consumer Reports, an influential US group that conducts extensive product reviews, suggests that they will consider cyber security and privacy safeguards when scoring products.
Ryan Lester, director of IoT Strategy, Xively by LogMeIn commented to IoT Now: “No matter the product, security needs to be a foremost concern for manufacturers. When talking about IoT products specifically, security becomes even that more important and complex.
Having an assessment model in place will be a great incentive to make sure manufacturers are leaving no stone unturned when it comes to the security of their products, but it is also important to keep in mind that the responsibility does not fall on the manufacturer alone.
“Product manufacturers can build in various security mechanisms to reduce the risk of attacks – including strong authentication, encryption and the like – but consumers also need to do their due diligence as well. Creating strong passwords, connecting to only secured networks, ensuring firmware is up to date, etc. are just a few steps consumers themselves can do to ensure their own security in the world of connected products,” Lester concluded.
Moshe Elias, director of Product Marketing at Allot Communications said, “Consumer Reports considering cyber security in product reviews is a step in the right direction. Manufacturers need an incentive to apply security and a high review score may help.
“The problem with the consumer IoT industry is that emphasis is made on functionality which is natural, but none on security. These ‘things’ or devices are a security backdoor. A Wi-Fi-connected doorbell is ‘not interesting’ in itself, but if it stores the Wi-Fi password in clear text a hacker can use that to access all the household connected devices, alarm systems computers, etc.,” said Elias.
The security solution, however, needs to be layered and centred around a network-based security system that is delivered by a capable operator, accoding to Allot. Just as every smartphone and computer have vulnerabilities, so will IoT devices and these require an additional layer of security – in the network.
“Device ranking will not guarantee that devices become unhackable. Protecting access and validating data on a device-by-device basis is not a sufficient solution. Most devices are closed systems and don’t allow installing any security client software or any software after shipping from the factory. And even if some devices allow that, this approach requires investment and scalability, and continuous maintenance needed to ensure devices are controlled. A more reasonable approach,” Elias believes, “is a comprehensive solution delivered from the CSP network (network-based) security solution, that unifies all security functions needed to control any device (whether an IoT device or mobile handset) and provides a simple, scalable way to protect the network with a growing number of connected devices.”
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow