The Consumer Federation of America, along with 10 other advocacy groups, including Mozilla and the Internet Society, have sent an open letter to Target, Amazon, Best Buy and Walmart asking the retailers to endorse minimum privacy and security guidelines for connected consumer products. Citing an estimated 10 billion active IoT products by 2020, the advocacy groups recommend the following minimum guidelines for IoT devices, including:
- Encryption for all network communication functions and capabilities;
- Automatic updates for a reasonable period after sale and enabled by default;
- For devices using passwords for remote authentication, a requirement that default passwords be reset along with password strength requirements;
- The vendor having a system to manage vulnerabilities, including a point of contact and a vulnerability handling process; and
© 2019 Ossian Law P.C.