How safe are consumer IoT devices? Mozilla’s guide shows what’s creepy – Technologist

Asia’s Single’s Day festival and the United State’s Black Friday sales have come and gone. But the retail frenzy isn’t over.

A cursory look at what the major retailers are offering for Cyber Monday, or the Monday after Thanksgiving which marketers have cooked up as a day for online shopping, reveals a flood of gadgets riding the crest of the popularity of consumer electronic devices.

Mozilla, however, cautions that these smart connected things might pose some online risks to consumers.

“Teddy bears that connect to the internet. Smart speakers that listen to commands. Great gifts—unless they spy on you. We created this guide to help you buy safe, secure products this holiday season,” Mozilla said in its website.

Now on its second edition, Mozilla’s gadget guide provides a framework for understanding the risk factors to consider before buying a connected device.

Creepy or not?

Mozilla’s guide has three basic questions to assess a device’s ability to spy on its users: Does it have a camera? How about a microphone? Is it tracking your location?

Cameras, microphones, and location tracking capability are either embedded in the device or in the accompanying app used to control the device or both. 

Mozilla also asks users as well to evaluate a product based on whether it uses product encryption, share information with third parties, allows a user or parental controls, provide security update and delete data its stores about the user.

The guide wants users to dig deeper and take time to learn how a company manages security vulnerabilities, and what it would do if something goes wrong with the device.

‘Privacy not Included’

The Mozilla guide, aptly called ‘Privacy Not Included,’ reviews about 86 connected devices that most consumers may want to purchase this Christmas under six categories — Toys and Games (18), Smart Home (20), Entertainment (14), Wearable (14), Health & Exercise (11), and Pets (9).

Of this number, less than half (38 percent) or just 33 devices have been given the seal of approval as they were deemed to have met Mozilla’s minimum security requirements.

These gadgets include the popular gaming devices Nintendo Switch, PS4, Xbox One, and fashionable wearables Samsung Gear Sport, the Fitbit 3 Tracker, the Garmin Vivo Sport, and Apple Watch.

Many Amazon gadgets also received Mozilla’s seal, including the Amazon Fire TV, Amazon Fire HD Kids Edition, Amazon Fire HD Tablet, and the Amazon Echo & Dot, and even the Amazon Cloud Cam Security Camera.

Interestingly, many of the connected toys and baby monitors didn’t get Mozilla’s nod, but most home products that receive voice commands were deemed safe.

Consumer opinion, however, may diverge. The Mozilla guide features a Creep-O-Meter for the public to share their opinion on whether they judge the devices as creepy, a little creepy, somewhat creepy, very creepy or super creepy. 

Security awareness needed

A Trend Micro poll recently revealed that only 14 percent of organizations globally have complete awareness of the threat of the Internet of Things (IoT). How much more consumers?

In Asia-Pacific, consumers are conflicted about the promise of the IoT as shown in the findings of an Internet Society study that shows nine in 10 do not trust IoT manufacturers and service providers to secure their device.

Earlier this year, security firms Kaspersky Lab and Sophos have sounded out the growing and continued threat of mobile and IoT malware.

In this undated blog post, Kaspersky Lab has offered an insight into why and how connected mobile devices pose a security threat to users.

Ultimately, the consumers decide. But let it not be said that they haven’t been warned.