Hacked Baby Monitor Sings “I’ll Be Watching You!”

(Image courtesy of Consumer Reports/Oliver Munday).

“Every game you play, every night you stay, I’ll be watching you,” croons Sting in the Police’s hit song I’ll Be Watching You.A fine line to hear on the radio – but to hear it through your two-year-old daughter’s baby monitor, as happened to the Denman family in 2015, is another matter entirely. The harrowing incident occurred because the Denman’s internet-connected baby monitor had been remotely hacked.

Such vulnerability is unfortunately all too common when it comes to Internet of Things (IoT) devices. To tackle this issue, Consumer Reports has spearheaded a new open-source standard that aims to safeguard consumer security. By partnering with three digital security organizations, Cyber Independent Testing Lab (CITL), Ranking Digital Rights (RDR), and Disconnect, Consumer Reports has launched the first phase of the so-called Digital Standard.

While the open standard was created primarily to protect consumer privacy, IoT engineers should take note as well. Consumer Reports likens the Digital Standard to safety standards in modern automobiles – you don’t want to be the car company that doesn’t install seatbelts, and you don’t want to be the IoT company that doesn’t secure your baby monitors.

With that in mind, here’s the 4 main criteria that the Digital Standard will be evaluating:

Security: Horror stories like the Denman’s baby monitor, remotely hacked vehicles, and last year’s IoT-enabled DDOS attack prompt this rather obvious criterion: IoT products should be built to be secure. The Standard looks for features like data encryption, regular security patches, and strong password requirements, and will use tools built by CITL to test for proper security practices.
Privacy:A Consumer Reports survey recently found that 65 percent of American consumers aren’t confident in the privacy of their personal data. The Digital Standard aims to preserve consumer privacy on the IoT, by evaluating factors such as user control over what data is collected, disclosure of data usage, data retention and deletion, and the consumer benefits of shared data.
Ownership: The “Right to Repair” has been in the news lately, with farmers in Nebraska taking on John Deere and Apple for the right to service their own products. The Digital Standard shares this point of view, outlining several metrics for evaluating user ownership of their IoT devices. These include limitations concerning interoperability, ownership, and resale, as well as issues such as support throughout a product’s lifecycle,transparent terms of service, and of course, the right to repair devices.
Governance and Compliance: This criterion seeks to hold companies ethically accountable, by asking questions about privacy policies, business models, transparency, and social responsibility.

While Consumer Reports’ Digital Standard isn’t the first attempt at addressing issues of IoT security, it’s a useful perspective at what consumers may increasingly start to look for in IoT products – especially considering the wavering confidence in IoT. Understanding this perspective, and building your IoT products with it in mind, may give your company an edge in the consumer market.

To learn more about the Digital Standard, or to contribute to its development, go to thedigitalstandard.org. For more information about IoT Security, read IoT Security: How to Protect Connected Devices and the IoT Ecosystem.