FTC report points to security risks from internet of things

28 Jan 2015

For consumers, the advent of "smart" TVs, home automation gear and other web-enabled products come with plenty of new capabilities, but the "Internet of Things," as this emerging technological ecosystem had come to be known, also posed serious security risks, Business Insider reported.

The Federal Trade Commission's new report points out just how vulnerable it would make consumers and urges businesses to make safe use and design of the gadgets a priority.

Although there was no single, uniform definition of the Internet of Things, it generally referred to physical objects - from home thermostat and lighting controls to baby monitors and wearable fitness gadgets - that connected to the internet and each other. Leaving out computers and smart phones, such devices would be estimated at 25 billion worldwide, including health monitoring, home security, vehicle, power usage and many other products.

Although such gear came with a wide range of potential uses, they also generated and stored enormous amounts of potentially sensitive data and the FTC raised questions about who had access to that information and how it was protected.

For instance, what if a prospective employer could see that you were regularly out driving at 3 am could that hurt your chances of landing a job, or push up your auto insurance rates?

Meanwhile, The Register reported that the FTC now said it was not the time for new laws on the "Internet of Things" - but security needed to be improved as the era of always-on, always-connected gadgets, sensors and machines embedded in homes, streets and pockets drew closer.

There would be 25 billion devices connected to the internet by the end of the year, doubling to 50 billion by 2020, as per Cisco's estimates, but the problem was that many of the companies churning out these gizmos were not properly considering the risks associated with gathering masses of personal sensitive data, the report said.

According to the FTC, security and ultimately the safeguarding of privacy was the biggest problem and it needed to be ''built into devices at the outset rather than as an afterthought." Employees also needed to be trained up on the importance of security so there was a company-wide understanding and approach to protecting data, both internally and with any third parties that companies worked with.