FTC objective is better security and privacy in consumer services and products

The Federal Trade Commission made an appeal at DEF CON in Las Vegas this past week in hopes of getting hackers to help it crack down on manufacturers and service providers that leave customers vulnerable.

Top of the list: ransomware, malvertising, networked cars and security for the internet of things.

Of particular interest in the case of IoT is preventing one device from compromising a consumer’s entire private network, says Lorrie Cranor, the FTC’s chief technologist.

She’d like to know what steps manufacturers of IoT gear can take so weaknesses in their products don’t enable attackers to pivot from one vulnerable device to others on the network to cause further harm or to breach privacy. The FTC’s interest in getting hacker help is strong enough that it sent not only Cranor but also one of its commissioners, Terrell McSweeny.

Cars and the networking gear being built into them need to be segmented so critical systems such as braking and steering can’t be hacked. This is a continuing area of concern, and other presentations at DEF CON focused on how such hacking can be done.

Also of concern is the use of sensors in children’s toys, which represent a possible privacy risk for children but also threaten the privacy of adults, Cranor says.

FTC seeks advice

Privacy concerns go beyond the security of devices and networks, though. Cranor says the commission would welcome advice on how users can keep personal information that they submit in one context from being spread around without their knowledge or permission.

Smart devices that house a wealth of personal information would better serve privacy needs if they provided ways for their users to easily observe what communications they might be making in the background.
Along with this, the FTC would like advice on how to easily analyze apps to see whether they are secure and whether the component code they lift from third-party libraries is as well.

New technologies such as virtual reality are on the commission’s radar, although it hasn’t identified specific threats. Still, it wants to know whether VR raises new consumer concerns for fraud and deception, areas where the FTC can take action.

The commission wants help finding the best ways to evaluate the risks that breaches and vulnerabilities pose to specific organizations. Metrics that indicate what the risks are would help determine whether vendors accurately represent the dangers of products and services. A tool could be used to figure out whether data stolen in a particular breach is employed elsewhere. For example, if a person’s credit card number is used fraudulently, is it possible to determine whether it was compromised in a particular breach? This comes into play in cases where consumers have tried to sue retailers for damages when their cards are used fraudulently and the card information was stolen in a breach.

Along the same lines, Cranor asked for help spotting fraud quickly and automating the process to sort through a higher volume of possible cases.

Anyone who wants to make suggestions can contact the FTC at research@ftc.gov for more information.

The commission is also seeking researchers to present their findings at conferences this fall and next year. The commission is running a series of educational sessions to make consumers more knowledgeable with its Start with Security outreach program. It’s holding tech sessions on ransomware, drones and smart TVs later this year.