Consumer Reports to consider data security as part of product reviews

Consumer Reports, an influential U.S. non-profit group is gearing up to start considering cyber security and privacy safeguards when scoring products.

By: Reuters | Updated: March 8, 2017 7:12 pm
Consumer Reports, US non profit group, cyber security, privacy safeguards, new methodologies, test projects, cyber attacks, internet of things, personal cyber security, Craigslist, PayPal, Spotify, Twitter, thedigitalstandard.org, Consumer Technology Association, Technology, Technology news The effort follows a surge in cyber attacks leveraging easy-to-exploit vulnerabilities in connected devices, which are sometimes collectively referred to as the internet of things. ( Source: Consumer Reports)

Consumer Reports, an influential U.S. non-profit group that conducts extensive reviews of cars, kitchen appliances and other goods, is gearing up to start considering cyber security and privacy safeguards when scoring products.

The group, which issues scores that rank products it reviews, said on Monday it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured.

Watch all our videos from Express Technology

Consumer Reports will gradually implement the new methodologies, starting with test projects that evaluate small numbers of products, Maria Rerecich, the organization’s director of electronics testing, said in a phone interview. This is a complicated area. There is going to be a lot of refinement to get this right,” Rerecich said.

The effort follows a surge in cyber attacks leveraging easy-to-exploit vulnerabilities in webcams, routers, digital video recorders and other connected devices, which are sometimes collectively referred to as the internet of things. “Personal cyber security and privacy is a big deal for everyone. This is urgently needed,” said Craig Newmark, the founder of Craigslist who sits on the board of directors at Consumer Reports.

In one high-profile October attack, hackers used a piece of software known as Mirai to cripple an internet infrastructure provider, blocking access to PayPal, Spotify, Twitter and dozens of other websites for hours. Another attack in November shut off internet access to some 900,000 Deutsche Telekom customers. Security researchers have said the attacks are likely to continue because there is little incentive for manufacturers to spend on securing connected devices.

Also Read: What do you need to know about the CIA’s hacking program?

“We need to shed light that this industry really hasn’t been caring about the build quality and software safety,” said Peiter Zatko, a well-known hacker who is director of Cyber Independent Testing Lab, one of the groups that helped Consumer Reports establish the standards. The first draft of the standards is available online at thedigitalstandard.org.

Issues covered in the draft include reviewing whether software is built using best security practices, studying how much information is collected about a consumer and checking whether companies delete all user data when an account is terminated. Jeff Joseph, senior vice president for the Consumer Technology Association, called the decision by Consumer Reports a “positive step” but cautioned that the group “must be very clear about how they score products and the limitations of what consumers can expect.”

For all the latest Technology News, download Indian Express App

    Live Cricket Scores & Results