Consumer Report calls tech companies to improve IoT privacy and security

In a public letter sent to 25 tech companies, the NGO, Consumer Report urged the companies to improve privacy and security practices and settings of their Internet of things (IoT) products, mainly connected cameras. The letter details some of the latest incidents of camera hacking that took place in the last few months in the USA, highlighting the urgency of addressing these issues. The letter recommends the companies to implement the following measures: (a) Installing automatic firmware and software updates, creating protection against credential stuffing and reuse. (b) Incorporating multifactor authentication and captchas in the authentication system. (c) Sending e-mail notifications to users when a login occurs from a new device or a new IP address. (d) Requiring users to sign back in after changing a password. (e) Confirming changes with credentials, requiring strong passwords, improving protection against brute force dictionary attacks, and including a visible indicator when the cameras operate.