http://www.tomshardware.com/news/rec...dos,32914.html

Hangzhou Xiongmai, a Chinese company that sells components for surveillance cameras and other gadgets in the U.S., issued a recall for its devices. The company's cameras were found to be part of the large botnet that engaged in a massive DDoS attack against Dyn's DNS service on Friday, which caused many major websites such as Twitter, Reddit, CNN, and others, to be inaccessible to users.
Xiongmai's recall may be the first of its kind that was spurred by IoT devices participating in botnets, and it may even set a precedent for future attacks. Many experts have been warning about an impending IoT security catastrophe due to how unsecure and unsupported most of the devices are.

The vulnerabilities are due to manufacturers trying to sell IoT devices as cheaply as possible. However, if governments force the companies to recall products that are part of botnets every time an attack happens, then they may begin to quickly change their thinking in regards to how "cheap" it is to avoid securing them properly by default, or not to update them. They may find that recalls are much more expensive in the end.

The recall solution, which serves as a way to keep companies liable for irresponsible design and manufacturing, is already commonplace in the automobile industry. Although not perfect, it seems to have worked quite well, so it may be something for regulators to consider.

Forced recalls aren't a rule yet, so it remains to be seen if other IoT manufacturers will start to take notice of what happened and significantly improve their products' security before governments get a chance to act and impose stricter certification regulations. If the U.S. government pressured Xiongmai to recall its products, then it may use its power again if it finds another company's products used in a massive DDoS attack.

That's all the more reason for IoT manufacturers to act sooner rather than later and design their products with security in mind from the beginning. Bolstered security would avoid recall situations, and it would make it cheaper to update them in the future because there would be less of a need if security is already solid.