Pallone, Schakowsky urge FTC action on IoT device security in wake of DDoS attack

U.S. Reps. Frank Pallone, Jr. (D-NJ) and Jan Schakowsky (D-IL) recently urged the Federal Trade Commission (FTC) to take action regarding consumer protections and Internet of Things (IoT) devices following a massive distributed denial-of-service (DDoS) attack last month that caused outages of many popular U.S. websites.

IoT devices were a key component in the cyber attack that occurred on Oct. 21. The botnet used to initiate the attack, known as Mirai, scanned the internet for poorly secured devices and leveraged them to produce a massive wave of traffic, leaving many popular websites inaccessible for hours. The botnet was able to connect to an approximate 400,000 IoT devices utilizing an approximate 60 names and passwords.

“It is time for the FTC to strongly reinforce to both consumers and device manufacturers the need to adopt strong security measures,” the lawmakers said in a letter to the FTC.

“First, the FTC should call on IoT device manufacturers to implement security measures, including patching vulnerabilities and requiring consumers to change the default passwords on devices during the setup process. Second, the FTC should alert consumers to the security risks posed by continuing to use default passwords on IoT devices,” the letter said.

Energy and Commerce Committee Ranking Member Pallone and Commerce, Manufacturing, and Trade Subcommittee Ranking Member Schakowsky asked the FTC to utilize all tools at its disposal to ensure that IoT device manufacturers implement stronger security measures to ensure consumer security.