Consumer Reports Calls for IoT Manufacturers to Raise Security Standards

Consumer Reports has issued a letter to 25 connected camera manufacturers, urging them to adopt stronger security and privacy measures for cameras, doorbells, and security systems.

The letter is directed to companies including ADT/LifeShield, Guardzilla, Honeywell Home, Google/Nest, Ring, SimpliSafe, TP-Link, and Samsung SmartThings. In it, Consumer Reports' Policy Counsel Katie McInnis requests clarifications on the steps manufacturers are taking to prevent hacks and unauthorized access to devices and systems following a series of recent incidents in which connected cameras were used to harass people in their homes.

"Connected devices such as cameras are increasingly being used in the private sphere of the home and collect highly sensitive information including voice and visual recordings of the home and the area immediately around a private residence," she writes. As consumers learn of attacks on home systems, she adds, they have grown more concerned with privacy than cost.

Consumer Reports' product ratings will continue to change to reflect the security and privacy standards it believes are necessary to protect users. Companies are urged to adopt stronger measures: automatic software/firmware updates enabled by default; protection for credential stuffing and reuse; requirement for multifactor authentication and more secure passwords; and inclusion of a visible indicator when cameras are active are a few suggestions that the letter offers.

Device makers are requested to submit which security practices they have implemented, and which additional measures they plan to use in the future, and by which date, by January 27.

Read the full letter here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "6 Unique InfoSec Metrics CISOs Should Track in 2020."