Why the FTC is going after IoT device manufacturers
The Federal Trade Commission (FTC) filed a complaint against an Internet of Things manufacturer late last week, alleging that the company’s lax device security measures put consumer privacy at risk.
The FTC filed the complaint against D-Link Corporation and its U.S. subsidiary, claiming that "D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras," according to an FTC press release. The FTC also recently brought cases against other IoT device makers ASUS and TRENDnet.
Despite claims made by D-Link as to the security of its devices, the company failed to take steps to address "well-known and easily preventable security flaws" that left its products susceptible to hacks, according to the FTC.
IoT devices have recently been used to launch massive DDoS attacks, prompting the Department of Homeland Security and the National Institute of Standards and Technology (NIST) to get involved in the issue. Now the FTC appears to be joining the effort.
Security experts have warned for years that many IoT devices are insecure. To prevent insecure devices, companies will have to bake in security measures rather than adding them on later as an afterthought. The fact that the FTC is now issuing complaints against IoT companies that don’t take security precautions seriously may force manufacturers to improve their security efforts.
At the same time, some have complained that the FTC is overstepping its bounds in acting as the government’s chief cybersecurity enforcer and have challenged the agency’s authority to police cybersecurity shortcomings. But until another agency steps in to regulate cybersecurity infringements, the FTC is the de facto agency.