Consumer Reports To Consider Cyber Security in Product Reviews (reuters.com)
Consumer Reports, an influential U.S. non-profit group that conducts extensive reviews of electronic products, cars, kitchen appliances and other goods, is gearing up to start considering cyber security and privacy safeguards when scoring products. From a report: The group, which issues scores that rank products it reviews, said on Monday it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured. Consumer Reports will gradually implement the new methodologies, starting with test projects that evaluate small numbers of products, Maria Rerecich, the organization's director of electronics testing, said in a phone interview. "This is a complicated area. There is going to be a lot of refinement to get this right," Rerecich said. The effort follows a surge in cyber attacks leveraging easy-to-exploit vulnerabilities in webcams, routers, digital video recorders and other connected devices, which are sometimes collectively referred to as the internet of things.
...and really, most products should get terrible marks to start with.
This is in many ways what IIHS did, that compelled the auto industry to make ever safer cars. The NHTSA crash testing is so hobbled by laws designed to make it ineffective that it took the insurance companies, tired of paying out claims for AD&D, to embarrass car makers into making safer cars.
I have a feeling that if Consumer Reports isn't successful, increasing payouts by insurance companies when breaches occur might be.
Do not look into laser with remaining eye.
This is great. I've been promoting the idea that independent test labs such as UL, or standards such as the CE mark, should include product security as well. Having consumer ratings include them could significantly increase awareness of security. We, as technologists and consumers, really need to hit hard against companies selling inherently insecure products. With the rise of botnets, insecure products are no longer just a threat to our own networks, but to national security as well.
There's a difference between not caring and not being informed. Most people do not know what the risks are. When someone can hack your thermostat, you are going to care!
RTFA:
"...it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured."
When someone can hack your thermostat, you are going to care!
When somebody hacks your thermostat, you are (probably) going to care. Nobody gives a rat's ass until the consequences are tangible.
He's getting rather old, but he's a good mouse.
One of the first things I thought of when I read this is how would they rate a Windows 10 PC, Mac or a Chromebook? What about a smartphone or tablet? Even many PCs with Linux already installed would be suspect with different packages that come with the system.
It's great that they'll rate connected appliances, cars and streaming boxes but that's leaving out the classes of devices which are the biggest risk to consumers' data - the systems they handle almost literally 24 hours a day.
Ironically, CR doing this is a great way of making the great unwashed more aware and concerned about their cyber-security.
Mimetics Inc. Twitter
nice stereotype there.
Anonymous Cowards are all trolls living in their mom's basement.
If you're scared of your govt then you need to further restrict its powers
Vote 3rd Party in 2016 and beyond
Say "cyber" one more time...