524,329 active members*
3,002 visitors online*
Register for free
Login Register
WIBU-SYSTEMS Blog

Perfection in Protection, Licensing, and Security

IoT Security and Increasing Vendor Liability

February 2017
01
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG
IoT Security and Increasing Vendor Liability

The push for some form of liability for vendors who sell faulty or insecure software has been the subject of debate for many years with little or no clear agreement on its legality or how to enforce it. However, that may be changing as the US Federal Trade Commission (FTC) seems to be intent on taking an active role in the discussion given two announcements made at the beginning of the year.

First, the FTC announced that it is offering a cash prize of up to $25,000 in its IoT Home Inspector Challenge for the best technical solution that would address security vulnerabilities caused by out-of-date software in IoT devices. An ideal tool, they say, might be a physical device that the consumer can add to his or her home network that would check and install updates for other IoT devices on that home network, or it might be an app or cloud-based service, or a dashboard or other user interface.

Second, just one day after the announcement of the challenge, the FTC filed a complaint against D-Link Corporation and its U.S. subsidiary alleging that inadequate security measures taken by the company left its wireless routers and Internet cameras vulnerable to hackers and put U.S. consumers’ privacy at risk.

In the complaint, the FTC charged that D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras. 

In a news release from the FTC, Jessica Rich, Director of the FTC’s Bureau of Consumer Protection said: “Hackers are increasingly targeting consumer routers and IP cameras -- and the consequences for consumers can include device compromise and exposure of their sensitive personal information. When manufacturers tell consumers that their equipment is secure, it’s critical that they take the necessary steps to make sure that’s true.”   

The complaint further referenced the FTC’s guidance issued in January of 2015 urging IoT companies to adopt best practices to address consumer privacy and security risks. It seems now the FTC is intent on pursuing vendors in the courtroom who ignore their guidance and put consumers at risk with vulnerable devices. The case will be decided by a federal district judge.

In 2017, most every market analyst, security blogger, and industry pundit predicts that serious security breaches are bound to occur given the rapid proliferation of millions of IoT devices. And, as a result of the heightened sensitivity towards security, vendors no doubt will come under much greater scrutiny for failure to keep data, devices and consumers safe.

What will be the degree of liability for vendors be in such cases? Probably little or no change in the near term, but it seems clear the discussion is about to be ramped up.

You can learn more about the many potential vulnerabilities that exist in connected devices, and more importantly, how to protect against them in the Industrial Internet Consortium’s Industrial Internet Security Framework document.

0 comments

Blog Archiv

July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016