CES 2021 Gadgets: Worst in Privacy and Security Awards

ces 2021 worst in show

Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures.

This year’s Consumer Electronics Show was hampered by the pandemic, but that didn’t stop an expert panel from convening to award this year’s dubious CES 2021 Worst in Show honors in the context of gadget privacy and security.

Overall trends from the week included ever-connected devices constantly monitoring users for the sake of security, something panelist Cindy Cohn from Electronic Frontier Foundation dubbed the “explosion of the surveillance economy.”

The awards were sponsored by the Repair Association and named the worst products from CES 2021 in the categories of privacy, security, ability to repair and environmental impact.

Privacy: Linksys Aware

Cindy Cohn of the EFF named the Linksys Aware mesh Wi-Fi home motion sensor as the least private gadget of the show. The Linksys device works by recruiting every other connected device in the home to monitor movement.

“I’m not sure why you need access to every single movement in your own house,” Cohn said. “The example they give is being able to tell when grandma falls, but it seems like a whole lot of tech for one use case.”

She added, “There’s lots of creepy here but Linksys wins for converting all your OTHER devices into its spying scheme…It also wins because while it says that all data and alerts will be stored locally.”

Security: TCL Smart TV

Paul Roberts from securerepairs, an advocacy group for the right to repair electronics, dubbed the Chinese-made TCL Smart TV as the least secure product he saw at CES 2021. He explained that TCL doesn’t have a mechanism to report vulnerabilities and that researchers have already documented several in its smart TVs in general, which haven’t been addressed.

“This is a company that has spent much of the past three months batting away reports about serious security vulnerabilities in its Android smart television sets, including vulnerabilities and security configuration flaws that left some TCL TVs—and the data they contained—browsable from the public internet,” he said. “It is a company that was forced to make painful, public acknowledgments not just that their products were vulnerable, but that it had no established, internal security team or process to respond to vulnerability reports from independent security researchers and to expedite fixes for its tens of millions of customers.”

As he reviewed the reams of promotional material TCL released on its new TV sets, its smart glasses and foldable smartphones, there was no mention of cybersecurity as a feature of their products or of the company’s purported new emphasis on product security, he noted.

“A feature comparison chart of TCL smart TV models lists 15 feature categories to compare them by – cybersecurity is not one of them.”

Beyond TCL, Roberts added he also saw a troubling number of products at CES which are applying AI and machine learning of customer data and challenged the industry for its “fetish for connected and smart devices.”

Cannot be Repaired: John Deere X9 Combines

The Worst of Show awards also focused on problems beyond privacy and security.

For instance, Kyle Wiens cofounder of ifixit said John Deere has made a turn toward robotic tractors and computerized farm equipment, which he added, can mean improved yields and efficiencies for famers. But the new John Deere X9 represents a new chapter for the company when it comes to using proprietary technology and hardware.

The John Deere X9 combine, Wiens explained, is a million-dollar piece of equipment which relies on attachments to perform various functions.

“The X9 uses a new Combine header with a proprietary interface so John Deere can monopolize attachments for combines,” Weins said, so they can bring all the accessory sales in-house — reminiscent of Apple’s walled garden approach.

Environmental Impact: YSL Rouge Sur Measure by Perso

Nathan Proctor from the public-interest advocacy group USPIRG, was not impressed by this little app-powered gadget which borrows from the K-cup pod model, to mix custom shades of lipstick. It comes with a $300 price tag and wasteful pods of lipstick which need to be replaced, Proctor said.

“We do need innovation; we do need tech,” he noted. “But we don’t need silly and new ways to create waste. Proctor added the YSL Rouge Sur Measure uses rare earth materials, the pods are expensive to replace and that it provides “… only a marginally better user experience” than regular old lipstick.

He added he thinks consumers should approach what they buy with the question, “How can we have better without having more?”

People’s Choice Award: ColdSnap

Another panned product from this week was the ColdSnap single-serve ice-cream maker that also uses pods, this time to make ice cream. It was selected by an admittedly informal Twitter poll, according to Doctorow.

“The world is sick of food in pods,” he proclaimed.

Worst Overall: John Deere X9 Combine

Doctorow said based on its sheer enormous price tag and real-world impact on farmer livelihoods, the John Deere X9 was named the worst gadget of the entire show.

The panel reminded viewers they aren’t down on electronics, but advocating for better technology is something we can all do to make better, safer, more secure products.

“Don’t slide into the ‘oh I have to just accept something that sucks’ mentality,” Cohn said. “Stand up for tools that give us all the cool stuff and just serve us. There’s a better world. We need to fix the future.”

Supply-Chain Security: A 10-Point Audit Webinar: Is your company’s software supply-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start identifying weaknesses in your supply-chain with actionable advice from experts – part of a limited-engagement and LIVE Threatpost webinar. CISOs, AppDev and SysAdmin are invited to ask a panel of A-list cybersecurity experts how they can avoid being caught exposed in a post-SolarWinds-hack world. Attendance is limited: Register Now and reserve a spot for this exclusive Threatpost Supply-Chain Security webinar – Jan. 20, 2 p.m.




Suggested articles