CES 2023 FAIL: Worst in Show for Security and Privacy
The Consumer Electronics Show wrapped up yesterday. But some vendors faced stiff criticism over their privacy and security stances.
Here are just two lowlights, as selected by iFixit, Repair.org, PIRG, SecuRepairs, the EFF, Consumer Reports, and JerryRigEverything. But you can bet there are many others that have been rushed to market without a thought for the security or privacy of their soon-to-be owners.
This is the way. In today’s SB Blogwatch, we feel fabulous.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: 2001 remade by Pixar.
This Happened in Vegas — it Should Stay in Vegas
What’s the craic? Tatum Hunter hunts for danger—“It’s 2023, and tech is still pushing unsafe products”:
“Tough questions on safety”
Tech products often hit the market with giant safety and privacy flaws. At the same time, CES, a giant annual consumer electronics exhibition in Las Vegas, brings a flood of new gadgets. It might be pouring gas on a fire.
…
The CES show floor buzzed with thousands of companies slinging health wearables, smart TVs, autonomous vehicles and other gadgets that rely on data from our bodies or homes. … But almost none directly address how they treat customer’s data … or their approach to safety and security.
…
Media tend not to ask tough questions on safety at CES, and companies tend not to volunteer the information. [Yet] cybercrime … often relies on hastily shipped products.
So who “won” the dubious honor? Thomas Claburn lists the key pair—“Technology has the potential to make life better. This isn’t it”:
“Not created with security in mind”
As the 2023 Consumer Electronics Show winds down, it’s once again time for the Worst in Show Awards, an enumeration of … “terribly, awfully bad” … tech products as determined by various technology advocates. … And this year’s CES vendors delivered.
…
Cindy Cohn, executive director of the Electronic Frontier Foundation, flagged the Withings U-Scan pee reading smart toilet puck. … The company proclaims, “It provides an immediate snapshot of the body’s balance by monitoring and detecting a large variety of biomarkers found in urine.” … These companies don’t disclose their business models, [Cohn] said, so consumers don’t know whether they will have any privacy: “This product … says nothing about what it’s going to do with that data that is collected. … So it’s beyond clueless for a company to advertise that it can help you track your menstrual cycles and other things that might be used, frankly, to … toss you in jail.”
…
Roku’s new line of smart TVs were flagged by Paul Roberts, founder, [of] SecuRepairs. … His concern is based on the company’s past lack of communication about security incidents and the general shoddiness of smart TV software: “Smart televisions are a problematic category when it comes to cybersecurity because they’re basically surveillance devices and they’re not created with security in mind.” Roberts chided Roku for failing to have a bug reporting program and for its lack of public security engagement. He observed that Roku has just three public CVEs at the MITRE website … and that’s not because Roku’s code is more secure.
The event was moderated by Kyle Wiens—“2023 CES Worst in Show Awards”:
“The Press is just breathless”
We’re very excited to be here. We’re not as excited about a lot of the tech that we saw at CES. … Today we have some of the absolute experts in the world at cyber security [and] privacy … and we are working on laying out some of the absolute worst gizmos that we have seen at the show.
…
CES has been wild. … This year there doesn’t seem to be a particular theme, aside from throwing everything at the wall to see what sticks. And unfortunately, there’s a lot of externalities in society when you do that. … So we are seeing—across the gamut—products that impact our privacy, products that create cyber security risks [and] things that maybe should not exist.
…
Sometimes it feels like the the Press is just breathless … regurgitating press releases from from marketing folks. And so this is our one chance to step back and take a look with a with a little bit of a critical eye and say what’s the technology that we’d like to see in the world? What are the things that would make our lives better, that would enrich us, that would increase our security and privacy? Rather than continuing to ratchet it back like … we get every year.
What else did the judges have to say? Lucas Gutterman shares some more quotable quotes—“And the winner is…”:
“Profound privacy consequence”
Every CES boasts exciting new products, but not all the “innovations” on display improve our lives. Many fads which might be all the rage for manufacturers leave us mostly enraged.
…
Security: Roku Smart TVs. … “Roku, like so many companies at CES, is very hungry for customer data, but shows few outward signs of being what you would call a cyber mature firm. Issues like vulnerability disclosure, vulnerability patching, hardware-based risk, and other cyber threats, Roku has very little to say about those in any of its products. And that leads one to believe that those aren’t issues that it’s paying a lot of attention to,” [said] Paul Roberts.
…
Overall Worst in Show: … Withings U-Scan. … “I certainly don’t want my health information out on the internet, which is why so many of these things are just bad ideas that don’t need to be executed because they have profound privacy consequences,” [said] Gay Gordon-Byrne … Executive Director, Repair.org. … “Have these people not heard of the Supreme Court … decision in Dobbs this year? This is beyond clueless,” shared Cindy Cohn.
Are you glad to see this? Brian F. Tankersley—@bftcpa—certainly is:
Glad to see others are very concerned about Big Tech’s love affair with snooping on everyone and everything.
But don’t you realize? It’s your fault. So says Eunomion:
Gadgets aim at bored, stupid, middle-aged bougies with too much money and no imagination. … Companies that do this stuff will consistently (and deservedly) target their customers as marks, and I have no sympathy for them when they are targeted in turn by hackers.
…
[But] they deserve all the criticism they get and more. They suck up investment oxygen that could go to real efforts, and they cause market dips when their bull**** starts stinking too much.
How did we get here? LoneStarBlue explains:
It’s the US way: Corporations throw products into the market and if someone dies or gets hurt, then they might make changes but only if the federal government forces them to do so. Electronic products carry a different harm, including the loss of privacy and potential hacking of private accounts. Our regulations have not kept up with the market. For example, one law that would make a huge difference to our data privacy and protection would be to force companies to get permission to use our private information instead of the current automatic opt in system.
Meanwhile, stratcat purrs contentedly:
A product that seems to be both figuratively and literally taking the p*ss. … U-Scan just seems like someone looked at Theranos, and thought, “How about we try this with p*ss?” … I’m all for the somewhat questionable health/fitness data that already comes from my phone and watch, but I’m not spending $500 on a gadget to p*ss on.
And Finally:
Stable Diffusion’s mind is going
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Ameer Basheer (via Unsplash; leveled and cropped)
