Looks to be a good effort underway. In general IOT devices have high levels of security danger, because they are minimally protected to begin with, are often placed in networks where they are open to external threats, and in practice are rarely patched against newly discovered danger. There is also a tendency for consumer IOT to be cheaply coded and developed, with inadequate testing for security. All this driven by their cost being needed to sell in the consumer market.
CyLab's IoT Security, Privacy Label Effectively Conveys Risk
Carnegie Mellon University CyLab Security and Privacy Institute
By Daniel Tkacik, May 26, 2021
Researchers found that Carnegie Mellon University CyLab's prototype security and privacy label adequately conveys the risks associated with the use of Internet-connected devices. Their study involved 1,371 participants who were given a randomly assigned scenario about buying a smart device, and asked whether information on the label would change their risk perception and their willingness to purchase. The label detailed a device's privacy and security practices, like the purpose of data collection and with whom data is shared. Most of the attributes on the label resulted in accurate risk perceptions, although the study found some misconceptions. Researcher Pardis Emami-Naeini said, "Our findings suggest that manufacturers need to provide consumers with justifications as to why patching may be necessary, why it takes them a specific amount of time to patch a vulnerability, and why it might not be practical to patch vulnerabilities faster."
No comments:
Post a Comment