Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC Has Serious Concerns About IoT Security and Privacy (onthewire.io)

Posted by BeauHD on from the product-shelf-life dept.

Trailrunner7 quotes a report from On The Wire: The Federal Trade Commission has sent comments to the Department of Commerce, outlining a list of concerns about the security and privacy of connected and embedded devices, saying that while many IoT devices have tangible benefits for consumers, "these devices also create new opportunities for unauthorized persons to exploit vulnerabilities." One of the key security problems that researchers have cited with IoT devices is the impracticality of updating them when vulnerabilities are discovered. Installing new firmware on light bulbs or refrigerators is not something most consumers are used to, and many manufacturers haven't contemplated those processes either. The FTC said the lack of available updates is a serious problem for consumers and businesses alike. "Although similar risks exist with traditional computers and computer networks, they may be heightened in the IoT, in part because many IoT chips are inexpensive and disposable, and many IoT devices are quickly replaceable with newer versions. As a result, businesses may not have an incentive to support software updates for the full useful life of these devices, potentially leaving consumers with vulnerable devices. Moreover, it may be difficult or impossible to apply updates to certain devices," the FTC comments say. In early May, the FTC issued a 10-page letter to eight leading players in the mobile communications arena requiring them to tell the agency how they issue security patches.

2 of 41 comments (clear)

  1. Decoupling by Anonymous Coward · · Score: 2, Interesting

    Decouple the software and hardware manufacturers from each other by defining lots of open, roalty-free standards and interfaces. It will work. Maybe.

  2. Where is the outrage for smartphones?!? by geekmux · · Score: 4, Interesting

    So the FTC is suddenly concerned about updating software or firmware for IoT devices. Can someone please explain to me where the hell the outrage is for vendors who stop supporting smartphones well before their useful life?

    Humans carry around their lives in smartphones these days. Needless to say, having my "vulnerable" light bulb hacked isn't going to have the same impact as rooting my phone.

    Believe me, I like the attention IoT security is perhaps finally receiving, but talk about priorities...