c.2013 New York Times News Service
WASHINGTON — The so-called Internet of Things — digitally connected devices like appliances, cars and medical equipment — promises to make life easier for consumers. But regulators are worried that some products may be magnets for hackers.
On Wednesday, the Federal Trade Commission took its first action to protect consumers from reckless invasions of privacy, penalizing a company that sells Web-enabled video cameras for lax security practices.
According to the FTC, the company, TRENDnet, told customers that its products were “secure,” marketing its cameras for home security and baby monitoring. In fact, the devices were compromised. The commission said a hacker in January 2012 exploited a security flaw and posted links to the live feeds, which “displayed babies asleep in their cribs, young children playing and adults going about their daily lives.”
“The Internet of Things holds great promise for innovative consumer products and services,” Edith Ramirez, the commission’s chairwoman, said in a statement. “But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet.”
TRENDnet officials did not respond to a request for comment.
While the Internet of Things is still evolving, the concept currently embraces both industrial and consumer products. In a factory, sensors can be used to monitor manufacturing processes, warning that a machine needs maintenance and potentially avoiding a breakdown. At home, so-called smart appliances like refrigerators or thermostats can feed information via the Internet to manufacturers and service providers to keep the products humming.
Robert R. Belair, who formerly served in the commission’s division of consumer protection and who is now the managing partner of the Washington office of Arnall Golden Gregory, said it was not yet clear whether the Internet of Things “changes the nature of the privacy threat, or just exacerbates the threat in certain ways that require a little more vigilance.”
In detailing the security lapses, the commission said the company transmitted customers’ login information over the Internet in clear, readable text rather than encrypting the data. It also said TRENDnet’s mobile application, which allows customers to control the home camera from a smartphone, did not properly protect users’ credentials. When the company became aware of the flaws, it uploaded a software patch to its website and tried to alert customers.