We already suspected our smart TVs were ‘watching’ our viewing behavior and sharing data with advertising and television business partners. Now, our smart TVs can open our homes to criminals.
Propublica recently reported on the update to Vizio televisions which quietly enabled “Smart Interactivity” as a default, along with modifications to the privacy policy allowing wider sharing of data. Right on the heels of that article, ArsTechnica reported yesterday that Avast has found vulnerability in Vizio televisions which allows infiltration through weak HTTPS validation, letting hackers issue commands to the television or gain access to the home’s network.
Privacy risks and security vulnerabilities – elements which, along with sustainability issues, form the three dangers to real safety. The call is loud and clear. We must tackle safety in the connected world through privacy and security by design, built in from the beginning, and sustained throughout a product’s life cycle. And we must do it now.
One perceived challenge is the ‘unknowable’ element of these connected devices; we are developing devices and combinations we’ve never seen before. Along with this is the challenge of emerging players – new companies without security or privacy experience, established companies with expertise in areas other than technology, individual entrepreneurs out on their own – all now building (or converting) their products for connectivity.
But the challenges are not insurmountable. What seems like the great unknown actually starts with a collection of reasonably well knowns. Strong security protocols exist, even if some companies may be unfamiliar with them (and some smart TV makers may forget to use them). Privacy standards exist, even though companies less experienced with personal data may not realize the demands of proper data stewardship.
Safety in our connected world hinges on the coming together of ideas we already embrace in email and communications security, all forms of authentication and validation, access protection, privacy protection and data stewardship. The important message is less that we need to ‘figure it out’ and more that we need to start doing it. We need to see the parts as a whole – a framework built from experience and learnings in each separate area now combined into a comprehensive set of best practices to support and enable emerging innovation.
The time for guidance is now and OTA’s IoT Trust Framework supplies that guidance. Join us in DC at the IoT Trust Summit on November 18 as we move forward with the framework and a code of conduct which promises to enhancing consumer trust and safety while promoting innovation.