Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Monday January 09 2017, @04:11PM   Printer-friendly
from the theoretical-harm dept.

A Federal Trade Commission attempt to rein in a poorly secured IoT device is raising questions over whether the U.S. regulator has the power to crack down on vendors suspected of shoddy practices.

On Thursday, the FTC filed a complaint against Taiwanese manufacturer D-Link Systems that charged the company's internet routers and web cameras can easily be hacked, putting consumers at risk.

But the FTC's complaint doesn't cite evidence that the products have been breached, only the potential for harm to consumers.

That's among the reasons D-Link is contesting the complaint. "Notably, the complaint does not allege any breach of a D-Link Systems device," it said in a statement.

"Instead, the FTC speculates that consumers were placed 'at risk' to be hacked, but fails to allege, as it must, that actual consumers suffered," the company said.

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by bob_super on Monday January 09 2017, @06:35PM

    by bob_super (1357) on Monday January 09 2017, @06:35PM (#451556)

    The problem is that a properly-designed oven, properly maintained by the user, is certifiable by UL to be safe for an extended lifespan. Built it right, with enough padding, and you can sell it with limited worries.

    ANY Internet-connected device using a standard software package (i.e. all of them), can be found to have a security flaw in less time than it takes to print the UL label, let alone ship or install it.
    A label would give people a false perception of safety.
    They might think it's safe right now, which could be correct, but without a commitment from manufacturers to provide quick reliable painless updates for well over a decade, it's only a lie to be parted with money. Wanna guess how many manufacturers will want to provide the support to match the label?

    Starting Score:    1  point
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 5, Insightful) by DannyB on Monday January 09 2017, @06:55PM

    by DannyB (5839) Subscriber Badge on Monday January 09 2017, @06:55PM (#451564) Journal

    An ideal, of course, is to make IoT devices need as few updates as possible. Ideally zero over their lifespan.

    If companies had liability for damages caused by their IoT devices, they would invest in security. They would reduce attack surface area. Eliminate default credentials. No back doors intended for the manufacturer's use. Compartmentalize processes better. Tighten up permissions. Etc.

    It may be impossible to have absolute security, but it is possible to come way closer to it than IoT devices do today. Consider the hoops you have to jump through to get PCI compliance for a web site that processes credit cards. If you've ever looked at that you see that there is a LOT more that could be done. If manufacturers had an incentive, they would work together to make it easier for all of them to be secure.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.