It was shocking to learn that the recent distributed denial-of-service attack of the nation’s internet infrastructure via DNS provider Dyn was aided and abetted by a hijacked army of products from the internet of things. It is thought to be the first DoS attack to rely overwhelmingly on a lot of “dumb” appliances that have little processing power of their own but are connected to the internet. That’s right, the internet was crippled because our coffee makers, washing machines and refrigerators were recruited to bring it down.
It was a disturbing illustration of how the IoT is quickly opening up a whole new world of legal liability. If you make a toaster oven addressable through the internet, that oven can be hacked and possibly cause harm. Someone’s house could burn down on a remote hacker’s order, for example. Most of these products’ usernames and passwords are simply not changed from the factory defaults, which might be such obvious things as “admin” and “1234.” Hackers can use software to search the internet for devices whose usernames and passwords have not been changed. Once those devices are identified, they can be hacked.
And the manufacturer of any “thing” in the internet of things that gets hacked could be held liable. Let’s say a coffee maker was hacked and then started a fire, causing damage to the consumer’s property. The consumer could have a claim against the manufacturer of the coffee maker, regardless of who the hacker was. To guard against liability, adequate cybersecurity measures must be implemented for these devices.
To continue reading this article register now