Consumer Reports to consider cyber security in product reviews

Reuters


(Adds comment from Consumer Technology Association)
    March 6 (Reuters) - Consumer Reports, an influential U.S.
non-profit group that conducts extensive reviews of cars,
kitchen appliances and other goods, is gearing up to start
considering cyber security and privacy safeguards when scoring
products.
    The group, which issues scores that rank products it
reviews, said on Monday it had collaborated with several outside
organizations to develop methodologies for studying how easily a
product can be hacked and how well customer data is secured.
    Consumer Reports will gradually implement the new
methodologies, starting with test projects that evaluate small
numbers of products, Maria Rerecich, the organization's director
of electronics testing, said in a phone interview.
    "This is a complicated area. There is going to be a lot of
refinement to get this right," Rerecich said.
    The effort follows a surge in cyber attacks leveraging
easy-to-exploit vulnerabilities in webcams, routers, digital
video recorders and other connected devices, which are sometimes
collectively referred to as the internet of things. [nL4N1D426W]
    "Personal cyber security and privacy is a big deal for
everyone. This is urgently needed," said Craig Newmark, the
founder of Craigslist who sits on the board of directors at
Consumer Reports.
    In one high-profile October attack, hackers used a piece of
software known as Mirai to cripple an internet infrastructure
provider, blocking access to PayPal, Spotify, Twitter and dozens
of other websites for hours. Another attack in November shut off
internet access to some 900,000 Deutsche Telekom <DTEGn.DE>
customers. [nL1N1CR0JI][nL8N1DU5T6]
    Security researchers have said the attacks are likely to
continue because there is little incentive for manufacturers to
spend on securing connected devices.
    "We need to shed light that this industry really hasn't been
caring about the build quality and software safety," said Peiter
Zatko, a well-known hacker who is director of Cyber Independent
Testing Lab, one of the groups that helped Consumer Reports
establish the standards.
    The first draft of the standards is available online at https://thedigitalstandard.org.
    Issues covered in the draft include reviewing whether
software is built using best security practices, studying how
much information is collected about a consumer and checking
whether companies delete all user data when an account is
terminated.
    Jeff Joseph, senior vice president for the Consumer
Technology Association, called the decision by Consumer Reports
a "positive step" but cautioned that the group "must be very
clear about how they score products and the limitations of what
consumers can expect."

    <^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
After cyber attacks, Internet of Things wrestles with making
smart devices safer    [nL4N1D426W]
Cyber attacks disrupt PayPal, Twitter, other sites
[nL1N1CR0JI]
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^>
 (Reporting by Jim Finkle in Boston; Editing by Peter Cooney and
Lisa Shumaker)
 ((jim.finkle@thomsonreuters.com; +1 617-856-4344; Reuters
Messaging: jim.finkle.thomsonreuters.com@reuters.us))

Keywords: CYBER CONSUMERREPORTS/ (UPDATE 1)


Referenced Symbols: DTEGN