20.02.2020

Manufacturers lax with smart device safety

Smart device manufacturers do not pay enough attention to the safety of their products. That’s the conclusion from the Dutch Consumers Association in their report. Many devices have vulnerabilities and manufacturers do not do enough to fix them.

The Consumers' Association draws its conclusion on the basis of :

  • Various hacking tests, in which researchers tried to hack 10 products: During preliminary research, these devices had been found to have safety problems. This included 2 sex toys, 2 children's GPS watches and 2 baby cameras.
  • 4 comparative studies of smart security cameras, lamps, doorbells and baby cameras.
  • The update promises made by 50 manufacturers.

Lax and unclear

The investigations and the hacking tests revealed 27 vulnerabilities. The researchers reported the defects to the manufacturers, but they appear to be lax in solving them. In 12 cases, they denied the problem, refused to take action, or did not respond at all. Even of 14 serious vulnerabilities, they resolved only 9.

The manufacturers are also seriously lacking in the area of ​​update promises. Of the 50 manufacturers surveyed, only 3 for all their product groups clarify in advance how long their devices will receive updates.

Conclusion: Security not important enough

Sandra Molenaar, director of the Dutch Consumers' Association: "Manufacturers do not consider the safety of their products important enough. That is the painful conclusion that we must draw on the basis of this report. That must change. Among other things, by setting minimum safety requirements that products must meet. In addition, manufacturers should be required to update their products. They must also actively inform their customers about vulnerabilities in their products. And unsafe products simply have to be removed from the market. Firm enforcement is needed to ensure they do that. "

The Consumers' Association has shared the report with the Ministry of Economic Affairs and Climate. Fortunately, State Secretary Mona Keijzer already has the security of IoT devices high on the agenda. This report underscores the need to act quickly and hopefully helps bring about change, "said Molenaar.

Baby monitor and Vibrator Removed

Bol.com, the leading webshop in the Netherlands sold 2 unsafe products, the Sannce Smart Baby Monitor with camera and the Svakom Siime Eye vibrator, with WiFi and camera. The baby monitor is hackable and the vibrator's WiFi transmitter has a recognizable name and a standard password that is the same for all devices. After notification by the Consumers' Association, Bol.com has undertaken to withdraw both products from the market.