As a year has passed since lawmakers first discussed the passage of sweeping litigation that would raise data-security standards across the nation, security experts have lamented the lack of recent movement and action on actually passing any relevant laws. Meanwhile, the use of vulnerable smart devices as a routine part of daily life continues to grow.

As the Internet of Things “IoT” becomes more pervasive and expands its access to more and more household devices such as thermostats, pacemakers, and shower heads, the software that these devices use to access the Internet still remains woefully inadequate in terms of data encryption and consumer privacy.

Vulnerable Smart Devices Exposed With Mirai Botnet Attack

In 2016, the Mirai botnet attack exposed just how vulnerable smart devices, gadgets that have become increasingly embedded into our daily lives, are to malicious attacks by hackers. The Mirai botnet attack was able to take down major platforms such as Twitter, PayPal, and Spotify, leaving the services inaccessible to users all around the world.  The botnet attack used a large number of devices to launch a coordinated distributed denial of service “DDos” attack, and security experts noted that the source of many the attacks came from compromised, but otherwise innocuous devices, such as baby monitors, thermostats, and webcams that were connected to the Internet.  The Mirai attack was so widespread that the U.S. Department of Homeland Security began an investigation, and security experts have long warned that similar attacks are to be expected.

Smart Device Creators Chose Not To Make Devices Patchable

As a possible solution, many experts have called for IoT devices to be patchable.  The ability for manufactures or software developers to be able to push critical updates to fix major bugs, security flaws, or other loopholes has become the norm in today’s technological age.  IoT devices, however, due to their relatively simple software, often fail to be patchable as manufacturers are rarely incentivized to write sophisticated software in the first place nor keep a coding team on hand to patch it later.

As a result, experts warn that as we connect more and mundane appliances such as refrigerators and smoke detectors to the Internet, these newly “smart” devices’ lack of being able to be patched will make consumers further vulnerable to malicious intrusion or device exploitation.

Could White Hat Hackers Be The Answer To The Lack Of Safeguards And Regulation?

Similarly, experts warn that “smart” cities will be likewise vulnerable.  As some cities begin to provide city-wide Internet and connect their street cameras, lights, and transportation services to the Internet, security experts warn that the safeguards in place for such use are woefully inadequate.

To possibly curb these oversights and guide lawmakers on how to draft proper protection, data-security experts have floated the idea of the federal government seeking out the expertise of “retired” hackers.  Known as “white hat” hackers, these security researchers purposely try to expose the weaknesses in software or data infrastructure systems in order for companies to correct these flaws before pushing the devices to market.

In the end, it is clear that IoT devices show no signs of stopping in how pervasive they will become in our society.  It is up to consumers, experts, and the government alike to keep up with innovation to help ensure that the proper data privacy safeguards and protection are in place as we continue to move forward.

For more information on this topic, please visit our Data Privacy service page, which is part of our Technology & Data Practice.

See our similar posts related to vulnerable smart devices  and data privacy:

Will the Internet of Things be the Next Digital Nightmare for America?

Are Smart Devices Always Listening?

About the Firm:

Klemchuk LLP is an Intellectual Property (IP), Technology, Internet, and Business law firm.  The firm offers comprehensive legal services including litigation and enforcement of all forms of IP as well as registration and licensing of patents, trademarks, trade dress, and copyrights.  The firm also provides a wide range of technology, Internet, e-commerce, and business services including business planning, formation, and financing, mergers and acquisitions, business litigation, data privacy, and domain name dispute resolution.  Additional information about the Internet & eCommerce law firm and its Internet & eCommerce attorneys may be found at

Klemchuk LLP hosts Culture Counts, a blog devoted to the discussion of law firm culture and corporate core values with frequent topics about positive work environment, conscious capitalism, entrepreneurial management, positive workplace culture, workplace productivity, and corporate core values.

Also published on Medium.