“One day in August 2015, Jared Denman got a frightened phone call at work from his wife, who was home with their 2-year-old daughter. A song was playing through the couple’s baby monitor – the Police’s “Every Breath You Take.” The monitor was the kind that connects to the internet so that parents can see and talk to their baby or caregiver when they’re away from home. The device had been taken over by a malicious hacker, and the song’s lyrics were particularly ominous: “Every game you play, every night you stay, I’ll be watching you”.
According to the non-profit organization Consumer Reports, incidents like this illustrate the need for consumers to be better educated and more vigilant when it comes to digital security. The group which is popular for its extensive reviews of cars, kitchen and other appliances prepares to start considering cyber security and privacy safeguards when scoring products. The group said that it has started collaborating with third party organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured.
The group will begin implementing the new methodologies, starting with test projects that evaluate small numbers of products.
“This is a complicated area. There is going to be a lot of refinement to get this right”, said Maria Rerecich, the Consumer Report’s director of electronics testing. She spoke to Reuters and explained that her organization’s effort follows a large increase in cyber attacks which exploit vulnerabilities in webcams, routers, digital video recorders and other connected devices, which are in use in office and home environment.
In one a large scale denial of service (DDoS) attack in October 2016, hackers used a piece of software known as Mirai to block the network of an internet infrastructure provider. They have prevented access to PayPal, Spotify, Twitter and other websites for hours. A separate network attack in November shut down internet access to 900 thousand Deutsche Telekom customers.
According to digital security experts and researchers such attacks are likely to continue due to fact that manufacturers of Internet connected devices are unwilling to spend on securing their connectivity functions.
Thedigitalstandard.org, an organization that represents a collaborative effort to create a digital privacy and security standard to help guide the future design of consumer software, digital platforms and services, and Internet-connected products has already published its first draft of proposed standards for the industry. According to Peiter Zatko, a director of Cyber Independent Testing Lab people have to “shed light that this industry really hasn’t been caring about the build quality and software safety”. His organization is one of those that partners to Consumer Reports establish the standards.
The draft covers issues such as security practices in software development, studies how much information is collected about a consumer and checks whether companies delete all user data when an account is terminated.