Everyday household items, including your remote thermostat and your baby monitor, may make you vulnerable to cyberhackers. But a new US federal programme hopes to identify and label which Internet-connected products are taking extra measures to protect your online information.
Any device that can be accessed remotely and transfers information through the Internet is vulnerable to a hacker, said Tracy Mitrano, visiting professor of information science at Cornell University.
If a hacker can access your device's data, they may be able to get to your account for the product, which is typically linked to a bank account or other personal information, Mitrano said.
On most newly purchased products, the privacy settings are on default or completely off. It is up to you to take steps to protect the information routed through the device.
Mitrano said she recently bought a printer and put a password on it to protect it against “hackers (that could) be foreign governments, organised crime, or they could be the stereotype of the kid in the basement”.
Once a hacker finds a vulnerability, they attack it and use the stolen information, Mitrano said, adding that these attacks can happen in mere “nanoseconds”.
The average household with Internet has more than 17 connected devices, a number that has jumped in the last three years as more people have shifted to working from home, according to research published by Parks Associates, a market research firm focused on internet-connected devices.
But concerns over privacy make many consumers reluctant to buy some products and services that connect to the Internet, said Elizabeth Parks, the firm's president.
Parks Associates found that 30% of the US households connected to the Internet do not own or intend to buy smart home devices, and point to cybersecurity threats as a deciding factor.
In an effort to support consumers in their quest for safe connectivity through their devices, the Federal Communications Commission recently voted to create a voluntary cybersecurity labeling program for wireless consumer products.
The commission yet to publish its final plans for the program, but aims to label smart products that meet robust cybersecurity standards with the new “US Cyber Trust Mark”.
The bright-green label will include a QR code linking to a product registry that will provide consumer-friendly information on the device's cybersecurity protections.
The logo is intended to create trust between the consumer and the companies that make their devices, similar to the Energy Star program, Parks said.
Consumers who purchase a refrigerator or clothes dryer with the Energy Star logo on it know the product is energy efficient; the logo indicates the appliance has undergone a certification process overseen by the US Environmental Protection Agency. It's that level of trust that the FCC hopes to gain with the US Cyber Trust Mark.
As society becomes more connected and more products are created for that connectivity, consumers can make informed purchasing decisions, differentiate trustworthy products in the marketplace and create incentives for manufacturers to meet higher cybersecurity standards to earn the new label, said Jessica Rosenworcel, the FCC's chairperson.
"Our expectation is that over time more companies will use the Cyber Trust Mark—and more consumers will demand it," Rosenworcel said in a statement.
She said the mark has “the power to become the worldwide standard for secure Internet of Things devices”. – Los Angeles Times/Tribune News Service