An alliance of Mozilla, Consumers International, the Internet Society and eight other organizations have asked the four large American retailers Amazon, Best Buy, Target and Walmart to stop selling insecure Internet of Things (IoT) and “smart” devices.
The alliance is concerned about the standards of privacy and security with some IoT products that are on the market. Some large retailers sell IoT devices that are insecure and don't properly protect the consumer's privacy. Therefore, the alliance asks for attention.
In a letter to the retailers they write, “Because so many of these products are entrusted with private information and conversations, it is incredibly important that we all work together to ensure that internet-enabled devices enhance consumers’ trust.”
The alliance asks for “smart” and IoT devices that only communicate over encrypted connections and which automatically download and install updates. They also would like that devices always require strong passwords and that IoT vendors create understandable and accessible privacy policies.
Besides that, the IoT vendors should also have a system in place to manage vulnerabilities in the device. This means a website or dedicated mail address to report vulnerabilities and a vulnerability handling process internally to fix them once reported.
“We’ve seen headline after headline about privacy and security failings in the IoT space. And it is often the same mistakes that have led to people’s private moments, conversations, and information being compromised. Given the value and trust that consumers place in your company, you have a uniquely important role in addressing this problem and helping to build a more secure, connected future,” the alliance concludes.
