Vulnerabilities in connected devices spell potential trouble for product manufacturers.
As the Internet of Things (IoT) becomes more of a fact of daily life for many people and businesses, securing the data and devices involved has emerged as the single biggest IoT challenge. This isn't surprising, given that security incidents related to connected devices will likely rise -- as will legal action related to product and service vulnerabilities.
SPECIAL FEATURE
The Internet of Things is creating serious new security risks. We examine the possibilities and the dangers.
A prime example came earlier this month, when the United States Federal Trade Commission (FTC) filed a lawsuit against D-Link, a maker of networked devices for business users and consumers, claiming the company put thousands of customers at risk of unauthorized access by failing to secure its IP cameras and routers. Security vulnerabilities in the products had been discovered last year.
The lawsuit claims that D-Link failed to take reasonable software testing and remediation measures to protect its routers and IP cameras against well-known and easily preventable software security flaws.
The case against D-Link is the latest of many recent FTC actions brought against consumer-facing technology companies for allegedly failing to implement reasonable data security, said Jeremy Goldman, a data security law expert and a partner in the litigation, privacy and data security groups at law firm Frankfurt Kurnit Klein & Selz.
"D-Link has just been made the poster child for IoT security, and similar actions are likely," Goldman said. "However, the key question is whether the incoming administration will continue to prioritize data security and interpret the FTC's powers as broadly as the current commission."
The legal action should grab the attention of any company that is developing IoT and other Internet-enabled consumer or business products.
"The FTC is sending a clear message to manufacturers of IoT and other connected devices: you have to think seriously about the technical controls built into your products," Goldman said. "Innovation has to include reasonable security designed to protect consumer data and privacy. What does that mean? Among other things, default passwords simply will not fly."
EmoticonEmoticon