The U.S. non-profit group that conducts extensive reviews of cars, kitchen appliances and other goods, Consumer Reports, is gearing up to start considering cybersecurity and privacy safeguards when scoring products.
The group, which issues scores that rank products it reviews, said it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured.
The first draft of the standards is available online at thedigitalstandard.org.
Issues covered in the draft include reviewing whether software is built using best security practices, studying how much information is collected about a consumer and checking whether companies delete all user data when an account is terminated.
Consumer Reports will gradually implement the new methodologies, starting with test projects that evaluate small numbers of products, Maria Rerecich, the organization’s director of electronics testing, said in a phone interview.
“This is a complicated area. There is going to be a lot of refinement to get this right,” Rerecich said.
The effort follows a surge in cyberattacks leveraging easy-to-exploit vulnerabilities in webcams, routers, digital video recorders and other connected devices, which are sometimes collectively referred to as the internet of things.
“Personal cyber security and privacy is a big deal for everyone. This is urgently needed,” said Craig Newmark, the founder of Craigslist, who is a director at Consumer Reports.
Security researchers have said the attacks are likely to continue because there is little incentive for manufacturers to spend on securing connected devices. “We need to shed light that this industry really hasn’t been caring about the build quality and software safety,” said Peiter Zatko, a well-known hacker who is director of Cyber Independent Testing Lab, one of the groups that helped Consumer Reports establish the standards.