Why Retailers Should Take Action to Avoid the Next IoT Security Disaster

By Brad Ree, CTO of ioXt.
With the burgeoning market of the Internet of Things expected to have 24.1 billion active IoT devices come 2030 , the world as we know it will only continue to grow more connected. Through a constant stream of new and innovative products across items like smart speakers, wearables, and connected appliances — consumers have more options for convenience and experience at their fingertips than ever before. But with constant connection comes an exorbitant amount of shared data that has become much more accessible to hackers and malicious actors today. The baseline security measures that may have worked at protecting consumers before aren’t always effective now at preventing these kinds of attacks.
The unfortunate truth is, IoT security is an overlooked necessity for many companies and only brought to mind in instances like data breaches or when hit with legal repercussions. We saw this recently pan out with Canadian smart lock manufacturer, Tapplock, who had to suffer the consequences for its negligence on security measures in April. According to the FTC, Tapplock claimed to have an “unbreakable design” and took “reasonable precautions” to protect personal information but the device actually had several security vulnerabilities including one that created a way to gain access to users’ accounts and bypass account authentication.
Although Tapplock and the FTC had settled this matter, there were several big-box retailers that still had their locks on their shelves after the case. Whether or not these retailers knew about the security mishap, this situation begs an important question around liability for all parties involved , including the channel owner selling the end-products.
Can retailers and partners of the manufacturer also be held liable for distributing and/or selling insecure IoT devices?
Knowing the answer to this question can save the next big-box retailer from packing their shelves with faulty IoT devices and getting caught up in a storm of litigation.
Avoid Being “FTC’d”
Selling defective products is grounds for a class-action lawsuit. Retailers may not know every detail of their supply chain, but not knowing won’t save them from a visit from the FTC. Retailers must do their due diligence to be informed about their suppliers and incoming products. Taking the time to do so can potentially prevent the next IoT security disaster .
Within states such as Connecticut, California, and New York, for instance, retailers can be held liable for selling defective goods under product liability laws and would be brought under charges such as strict liability, negligence, or breach of warranty . Ensuring that security measures are put in place does not only protect retailers, it also protects consumers from having their personal information compromised.
Take Action: The Time is Now
As retailers take necessary action to protect...