A bill seeking to address vulnerabilities in computing devices embedded in everyday objects, also known as IoT, has been proposed by a group of US senators.
The bill was drafted with input from technology experts at the Atlantic Council and Harvard University and a Senate aide who helped write the bill said that companion legislation in the House was expected soon. It comes in the light of security researchers observations that an array of online devices including cars, household appliances, speakers and medical equipment are not adequately protected from hackers who might attempt to steal personal information or launch sophisticated cyber attacks.
Thus, vendors that provide internet-connected equipment to the US government have to ensure their products are patchable and conform to industry security standards. Furthermore, the bill would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities. The legislation was intended to remedy some market discrepancies that have left device manufacturers with little incentive to build with security in mind.
In October 2016, hundreds of thousands of insecure webcams, digital records and other everyday devices were hijacked to support a major attack on internet infrastructure that temporarily knocked some web services offline, including Twitter, PayPal and Spotify.
By 2020, researchers estimate that between 20 billion and 30 billion devices might be connected to the internet, with a large percentage of them insecure, according to Reuters.