IoT security: why it’s bad and the potential Trump effect

One of the best explanations for the security shortcomings of the Internet of Things comes from Macworld’s Glenn Fleishman, who often writes about security and privacy issues. The IoT, he argues, includes mostly devices from manufacturers who are engaged in a “race to the bottom.” That is to say, many IoT makers try to increase sales by putting cheap gear on the market, and these manufacturers “don’t typically put security at the top of their priority list, nor have much compulsion to offer software upgrades for security indefinitely — or even at all.”

Of course, expensive devices are not necessarily guaranteed to have great security. But Fleishman makes a good point drawing attention to the fact that those companies willing to cut corners can get away with shipping vulnerable gadgets because … well, there’s nobody and nothing forcing them to install better security.

And this is especially bad because, as Fleishman puts it, it means the IoT “makes hackable devices in fixed locations attached to high-speed broadband an incredibly desirable target for security agencies and criminal gangs to use as armies of bots” (a reference to last year’s Mirai botnet attacks).

There is a solution to make smart device makers more interested in preserving the consumer’s privacy and security, writes the columnist: government agencies. In the U.S., that could be the Federal Trade Commission (FTC), which has recently said Taiwan-based computer networking equipment manufacturer D-Link Corporation “left its wireless routers and Internet cameras vulnerable to hackers and put U.S. consumers’ privacy at risk” (D-Link denies the charges).

With countless smart devices coming to the market from numerous manufacturers, and no regulation on IoT security and privacy, it’s hard for consumers to know whether they are buying vulnerable products. So, in Fleishman’s words, by this kind of actions “the FTC mends a broken market” as it draws attention to those manufacturers who take security too lightly.

But it all depends on the new U.S. administration. Donald Trump has repeatedly said that federal regulations hurt businesses and that most of them should go. The new president has already started to move in that direction.

It remains to be seen whether the president’s aversion towards regulation will also mean less power for the FTC to file complaints such as the one against D-Link. “We’ll find out soon,” the columnist writes.

Until then, there are things we, as consumers, can do to make sure the smart devices we buy don’t compromise our security and privacy. At least we should check whether the manufacturer has a good track record in terms of security, change the default passwords and make sure our devices receive all the latest software updates. You can learn more about how to secure your smart home here.