'Privacy Not Included': Mozilla Ranks Privacy And Security On IoT Devices

Mozilla, the creator of the popular Firefox browser, has put together a list that ranks products by how secure they are.

Calling it the 'Privacy Not Included' guide (https://foundation.mozilla.org/en/privacynotincluded/), the not-for-profit initially includes 70 popular products, each of which has a camera, a microphone or trackers.

The list ranges from the Nintendo Switch, Google Home, Amazon Echo and Apple's AirPods to less popular products such as the Parker Teddy Bear and FREDI Baby Monitor.

"The goal was to select connected products that were likely to be popular during the holiday season and beyond," explained Becca Ricks, a former Mozilla and researcher on the guide. "We selected products that were top sellers on Amazon Prime Day… and products that were highly rated."

Mozilla ranked those devices by measuring them against its minimum security standards for IoT security, which include:

  1. Encrypted communications: The product must use encryption for all of its network communications functions and capabilities. This is to prevent eavesdropping.
  2. Security updates: The products must support automatic updates for a reasonable period after sale, and these must be enabled by default. This is to ensure that when a vulnerability is known, the vendor can push the security updates to consumers.
  3. Strong passwords: If the products use passwords for remote authentication, they have to require strong passwords to be used.
  4. Vulnerability management: The vendors must have a system in place to manage vulnerabilities in their products. This must also include a point of contact for reporting vulnerabilities or an equivalent bug bounty program.
  5. Privacy practices: Products must have a privacy policy that is easily accessible and uses language that is easy to understand. Users should also have a way to opt out and to delete their data and account.

Of the 70 products listed in Privacy Not Included, Mozilla lists 32 as having passed the above criteria, with each product receiving its own Minimum Security Standards badge, as shown below:

40 devices from Privacy Not Included

As more devices become smarter through their ability to connect to the internet, there is growing concern about how secure these devices are.

In the Internet of Things world, devices that are connected to the internet are part of the network. Flaws in security would enable hackers to tamper with a device, breaching users' privacy. When these devices are hacked, they fall under the control of the hackers and do their bidding. For example, a hacked security camera can be made to spy on its users.

Making matters worse, hackers can also turn hacked devices into "zombie" devices, which aid them in bigger attacks, such as launching a DDoS attack on a particular network or website.

"There’s a lack of strong standards in the IoT space, both for securing networked devices and for keeping data private," continued Ricks. "We hope consumers will use this tool not only to guide their purchasing decisions, but also to educate themselves about how companies approach privacy and security."

Mozilla here is trying to make a difference by educating consumers, and "Hopefully [consumers] will pause and reflect before purchasing devices that seem to be less secure."

Published: 17/11/2018