In addition to phones, tablets, ereaders and computers that we are frequently using, new gadgets that are marketed as home appliances have been discovered to leak private data to corporate marketing databases. Internet software development organization Mozilla examined a range of new products that are being marketed for personal use and
to homes. Which products did what customers expected them to do, and which ones happily sent private data back to corporate headquarters?
These gadgets were not secure in Mozilla’s tests
- Amazon Kindle
- Amazon Fire HD Tablet
- Anova Precision Cooker Sous Vide
- Apple Airpods
- Belkin WeMo Mini Smart Outlet
- Bose QuietComfort 35 II
- CogniToys Dino
- DJI Technology DJI Spark Selfie Drone
- FREDI Baby Monitor
- Garmin Vivosport
- Google Chromecast
- Google Pixel Buds
- Hidrate Spark 2.0 Water Bottle
- Jabra Elite 65T Earbuds
- Mobvoi TicWatch Pro
- Nest Learning Thermostat (Google product)
- Nest Hello Video Doorbell (Google product)
- Ozobot Evo Robot
- Parrot Bebop 2
- Peloton Bike
- Petzi Treat Cam
- Philips Hue Smart Light Kit
- Quell 2.0 Wearable Pain Relief
- Seedling Parker Teddy Bear
- SkyRocket Sky Viper Journey
- SmartThings Outlet
- Soundmoovz
- Sphero BB-8 Robot
- Sphero Mini
- Tile Mate
- Tractive GPS 3G Pet Tracker
- Whistle 3 Smart Tracker
- Wonder Workshop Cue the Robot
- Wonder Workshop Dash the Robot
- Wonder Workshop Dot Creativity Kit
- Zerotech Dobby Pocket Drone
These gadgets didn’t violate users’ privacy
- Amazon Cloud Security Camera
- Amazon Fire HD Kids Edition Tablet
- Amazon Fire TV
- Amazon Echo
- Amazon Echo Plus & Dot
- Amazon Echo Show & Spot
- Apple Homepod
- Apple iPad
- Apple TV
- Athena Safety Wearable
- Beeline Smart Compass for Bike
- Behmor Brewer Coffee Maker
- Findster Duo Plus Pet Tracker
- Fitbit Aria 2 Scale
- Fitbit Versa Watch
- Furbo Dog Camera
- Google Home
- Harry Potter Kano Coding Kit
- Microsoft Xbox One
- Mycroft Mark 1
- Nest Cam Outdoor Security Camera
- Nest Cam Indoor Security Camera
- Nest Learning Thermostat
- Nest Hello Video Doorbell
- Nintendo Switch
- Petchatz HD
- Petcube Play
- Petnet SmartFeeder
- Roku Streaming Players
- Samsung Gear Sport
- Sonos One
- Sony PlayStation 4
- Withings Body Scale
- WyzeCam
The lists were compiled by Quartz.
Five items for minimum security standards of gadgets
The products listed above went through a test routine. Test results were checked against five security standards that Mozilla, Consumers International and the Internet Society have proposed.
In European Union countries, the privacy laws of 2018 known as the GDPR restrict considerably what corporations can do with data generated by users without customers’ consent (if a product or service is made available to people in EU countries). Yet, a gadget that leaks data without any sign of doing so is practically impossible to spot at home. So, the effort of these three organizations to raise the level of security is warmly welcomed.
1) Encrypted communications
The product must use encryption for all of its network traffic to ensure that communications are not eavesdropped or modified in transit.
2) Security updates
The product must automatically update discovered security risks for a reasonable period after sale.
3) Strong passwords
For remote authentication, strong passwords must be required by default. This helps protect the device from guessable password attacks.
4) Vulnerability management
The vendor must have a working system to manage vulnerabilities in the product throughout its lifecycle. This must include a point of contact for reporting vulnerabilities.
5) Privacy Practices
The product must have a privacy policy that is easily accessible, and written in language that is easily understood. If data is being collected, transmitted or shared for marketing purposes, that should be clear to users and, as in line with GDPR, there should be a way to opt-out of such practices. Users should also have a way to delete their data and account. Also in line with the EU’s General Data Protection Regulation (GDPR), this should include a policy setting standard retention periods wherever possible.