Skip to navigationSkip to content

The US is finally getting serious about security on the Internet of Things with this lawsuit

Shadows are cast on the D-link logo in the company's headquarters in Taipei
Reuters/Pichi Chuang
Shoddy security can cast a dark shadow.
By Joon Ian Wong
Published Last updated This article is more than 2 years old.

The Internet of Things ran amok last year, as security holes in “smart” devices exposed glaring problems with connected objects, like that time in October when hijacked security cameras and other electronics were used to take down parts of the internet. Now, the US government is putting the IoT world on notice with a lawsuit against Taiwanese router manufacturer D-Link alleging shoddy security practices.

The lawsuit, filed by the Federal Trade Commission, accuses D-Link of a litany of security sins, including making default log-in credentials unchangeable, leaving user passwords in plain view on its smartphone apps, and making cameras and routers vulnerable to being remotely controlled.

The FTC’s action is a “loud warning shot” for IoT companies, said Jeremy Goldman, a partner at law firm Frankfurt Kurnit Klein and Selz who specializes in data security matters.

In a press release, D-Link said it will defend itself and called the allegations “unwarranted and baseless.”

The suit also throws the spotlight back on the question of regulation of the Internet of Things. While the FTC is taking action in this case, it’s not necessarily the US government agency responsible for overseeing the IoT sector.

In fact, it remains unclear who, exactly, should have purview over these devices. A case can be made for a plethora of three-letter agencies, including the Federal Communications Commission, the food and drug regulator, and the road transport regulator, as NextGov points out. The FTC itself has been at pains not to become the IoT’s top cop, preferring instead that the nascent industry self-regulate for now, so as not to strangle innovation in the cradle.

The FTC’s suit asks for the court to order D-Link to improve its security practices and to pay the FTC’s legal costs.

📬 Kick off each morning with coffee and the Daily Brief (BYO coffee).

By providing your email, you agree to the Quartz Privacy Policy.