A software product’s code-base grows over time with added functionality resulting in the use of potentially numerous new 3rd party libraries. Some of these libraries are well-maintained by commercial organizations and some are maintained by communities of open source developers. Over time, it is easy for a development team to lose track of these software components, resulting in gaps in visibility into component vulnerabilities. This can have an impact on the security of the product and introduce un-needed risk into end-user customer organizations.
For the past several months, VDOO’s security research teams have been undertaking broad-scale security research of leading IoT products, from the fields of safety and security and in particular leading security cameras (as part of project Vizavis). In most cases, the research was carried out together with the device vendors for the sake of efficiency and transparency.
On May 16, 2018 The U.S. Consumer Product Safety Commission conducted a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products. VDOO’s written response is below.
When you purchase an electronic device, how do you know it will work? How can you be sure that it will not harm your environment or even your safety? How can you know that the device will not be used as means of espionage?
The world we live in rapidly becoming more and more connected, on every thinkable level. From home devices, through wearables and all the way to medical solutions. This, of course, is the Digital Revolution, enabling consumers, businesses and industries to make better, more informed, real-time decisions to provide the best experience to the end user. This goes hand in hand with the growing ease of doing business and seamless engagement.