last posts

The worst products at CES for security and privacy

techsm5

Comment

LAS VEGAS — U.S. buyers, regulators and businesses face a problem: Tech products often come to market with giant security and privacy flaws.

Meanwhile, CES, a giant annual consumer electronics show in Las Vegas, brings a flood of new gadgets. It could be pouring gas on a fire, privacy and security experts say.

“I think there’s a chronic problem with consumer electronics, that they don’t give people the full picture they need to assess whether they want to use these tools,” said Cindy Cohn, executive director of the privacy rights organization Electronic Frontier Foundation.

This week, the CES show was buzzing with thousands of companies offering health wearables, smart TVs, self-driving vehicles and other gadgets that rely on data from our bodies or homes. Many tout themselves as the next big thing, but almost none directly address how they handle customer data after it’s been collected or their approach to safety and security.

The best (and weirdest) tech we found at CES 2023

“CES doesn’t seem to have a theme this year other than throwing everything against a wall and seeing what sticks,” Kyle Wiens said in a YouTube live stream. Wiens is CEO of iFixit, which champions the right of consumers to repair their devices. “There are negative externalities for our society when this happens.”

Cohn and representatives from iFixit, Consumer Reports and other consumer advocacy groups pulled together a CES “Worst in Show,” calling out which products could have the biggest negative impact on privacy, consumer choice and privacy. ‘environment. They included some of this year’s favorites, such as connected healthcare company Withings’ U-Scan urine sensor, which analyzes hormone levels in urine and is gearing up for US launch. . After the Supreme Court struck down abortion rights in June and some states banned abortion, hormonal changes could potentially become evidence of a crime. Withings said it stores this data indefinitely and, if subpoenaed by law enforcement, “would comply with all legal requirements of the territories in which it operates.” He said he does not otherwise share data with third parties.

The media tends not to ask tough questions about security at CES, and companies tend not to volunteer the information, Cohn noted.

“Literally only one company even mentioned [privacy or safety], and ironically, it was a sexting app,” Leanna Miller said on the show. Miller said she works for a small company that makes reusable writing tablets and came to CES to browse all the new products. The company she referred to was Blyynd, an adult network that claims to use encryption to promote safe sexting.

With few exceptions, tech companies take care of security when problems arise rather than taking more time to test products and integrate secure features, said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA ), in an interview on the sidelines of the CES.

These companies’ incentives are “really about cost, capacity, performance, and speed to market, not basic security,” she said.

Easterly’s CES keynote alongside CrowdStrike CEO George Kurtz focused on the rapidly rising cost and danger of cybercrime, which often relies on rush-shipped products, they said. . It was the first time a cybersecurity official of Easterly’s rank had spoken on the show.

Buggy software in off-brand smart home devices is a playground for hackers

“When we think of the world in which we live, we cannot accept that in ten years [cyber risks] will be the same or worse,” she told the conference.

This may depend on whether consumers demand safer products or whether the government regulates software, although Easterly noted that it does not support “heavy” regulation. Regulation could take the form of stricter privacy safeguards or clearer communication with consumers about the risks a product poses. The White House has backed the idea of ​​a nutrition label-like “software nomenclature” that tells shoppers what software components a product contains.

This week, for example, the European Union fined Meta $414 million for hiding information about its targeted advertising activity in its terms of service rather than obtaining meaningful consent from its users and to give them the opportunity to refuse. Meta said he intends to appeal the decision and the fines. Risky technologies such as facial recognition are also under scrutiny in the EU.

Meanwhile, at CES, companies touting facial recognition technology are splashing the floor. Miko, a Disney-backed robot that claims to keep kids engaged, is equipped with facial recognition and uses its camera to analyze children’s moods and map items in your home, its website says. Its CEO said all facial recognition data is stored on the device and not in the cloud.

Then there are the smart home devices with cameras, such as the Landroid Vision autonomous mower that navigates your garden. Its maker, WORX, said all images captured by the trimmer are anonymized and any faces or house numbers are blurred before the images are sent to the company’s cloud storage. Its privacy policy leaves room for data sharing for advertising purposes.

Companies might choose to make useful, private and serviceable products, iFixit’s Wiens said during the Worst in Show announcement, but what’s the real purpose of a $200 travel mug with data-sharing capabilities? location and an irreplaceable battery?

“We already have thermoses,” he said. “They have phenomenal success. They have been around for a very long time. »

Jamie Kaplan, vice president of communications at CES-producer Consumer Technology Association (CTA), said the show encouraged innovation, entrepreneurship and economic growth. This year, the CTA welcomed 3,200 exhibitors.

“CES requires exhibits to comply with U.S. law, which promotes innovation and focuses on restricting bad behavior rather than banning new and innovative products,” she said in a statement. .

techsm5

Comments



Font Size
+
16
-
lines height
+
2
-