WIBU-SYSTEMS

Perfection in Protection, Licensing, and Security

{{ moduleLabel }}
{{ label }}

IoT Security and Increasing Vendor Liability

MarketingWIBU-SYSTEMS AG on February 1, 2017 at 7:12 AM

The push for some form of liability for vendors who sell faulty or insecure software has been the subject of debate for many years with little or no clear agreement on its legality or how to enforce it. However, that may be changing as the US Federal Trade Commission (FTC) seems to be intent on taking an active role in the discussion given two announcements made at the beginning of the year.

First, the FTC announced that it is offering a cash prize of up to $25,000 in its IoT Home Inspector Challenge for the best technical solution that would address security vulnerabilities caused by out-of-date software in IoT devices. An ideal tool, they say, might be a physical device that the consumer can add to his or her home network that would check and install updates for other IoT devices on that home network, or it might be an app or cloud-based service, or a dashboard or other user interface.

Second, just one day after the announcement of the challenge, the FTC filed a complaint against D-Link Corporation and its U.S. subsidiary alleging that inadequate security measures taken by the company left its wireless routers and Internet cameras vulnerable to hackers and put U.S. consumers’ privacy at risk.

In the complaint, the FTC charged that D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras. 

In a news release from the FTC, Jessica Rich, Director of the FTC’s Bureau of Consumer Protection said: “Hackers are increasingly targeting consumer routers and IP cameras -- and the consequences for consumers can include device compromise and exposure of their sensitive personal information. When manufacturers tell consumers that their equipment is secure, it’s critical that they take the necessary steps to make sure that’s true.”   

The complaint further referenced the FTC’s guidance issued in January of 2015 urging IoT companies to adopt best practices to address consumer privacy and security risks. It seems now the FTC is intent on pursuing vendors in the courtroom who ignore their guidance and put consumers at risk with vulnerable devices. The case will be decided by a federal district judge.

In 2017, most every market analyst, security blogger, and industry pundit predicts that serious security breaches are bound to occur given the rapid proliferation of millions of IoT devices. And, as a result of the heightened sensitivity towards security, vendors no doubt will come under much greater scrutiny for failure to keep data, devices and consumers safe.

What will be the degree of liability for vendors be in such cases? Probably little or no change in the near term, but it seems clear the discussion is about to be ramped up.

You can learn more about the many potential vulnerabilities that exist in connected devices, and more importantly, how to protect against them in the Industrial Internet Consortium’s Industrial Internet Security Framework document.

Login or register now and enjoy all the benefits of a community!

To get the whole functionality of IndustryArena Forum you need to login or register. This process is absolutely free.

Password forgotten?
Contact request
Guest Photo
Your message
The controller within the meaning of Art. 4(7) GDPR is: IndustryArena GmbH, Schneiderstr. 6, 40764 Langenfeld, Germany.
You may reach our data protection officer under [email protected].

Purpose of processing
We process your personal data concerning the use of the contact form and the communication with the company of the newsroom as well as the transmission of your data to this company in accordance to Art. 6 (1a) GDPR. This constitutes a legitimate interest for us in accordance to Art. 6 (1f) GDPR.

Recipient of the data
Within our organization, those units gain access to your data, which are necessary to fulfil the above purposes.
Personal data will only be transmitted to third parties if this is necessary for the aforementioned purposes or if another legal basis exists. If necessary, we conclude the corresponding data protection agreements with third parties, in particular pursuant to Art. 28 GDPR.

Data storing
Your data will be transmitted to the company of the newsroom for further processing. The period of storing is the duration of the processing of your request by the respective company.

Select contact person

Newsroom Logo

Design options

  • Title text color:
  • Content background:
  • Content text color:
  • Navigation background:
  • Tab text color:
  • Active tab text color:
  • Link text color:
  • Active link text color:
  • Background image Background color:

    How do you want to position the background-image?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the background image

  • Banner

    How do you like to align the banner?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the banner

  • Skyscraper

    Set the link for the skyscraper

Please note:

Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.