BITAG Releases Report Containing Security and Privacy Recommendations on Internet of Things Devices

message on keyboard enter key, for privacy policy conceptsBy: Matthew N. Foree

With the increase of devices embedded with Internet connectivity and functions, called the Internet of Things (IoT), a corresponding interest in vulnerabilities in the security of such devices has developed. Recently, the Broadband Internet Technology Advisory Group (BITAG) released a report regarding its security and privacy recommendations concerning the IoT (Report). BITAG is a non-profit organization focused on bringing together engineers and technologists to develop consensus on broadband network management practices and other related technical issues that can affect users’ Internet experience. Entitled “Internet of Things (IoT) Security and Privacy Recommendations,” its Report analyzes devices embedded with Internet connectivity and functions (IoT devices) and offers guidelines to improve their security and privacy. A copy of the report is available here.

In its Report, BITAG observed several vulnerabilities of IoT devices, including security vulnerabilities, insecure communications, and data leaks. It noted that some IoT devices ship from the manufacturer with software that is either outdated or becomes outdated over time.  As such, vulnerabilities discovered throughout the device’s lifespan may make the device less secure, unless it has the ability to update its software. BITAG also noted that many security functions of IoT devices are difficult to implement and include flaws. For example, some IoT devices provide automatic software updates, but do not use authentication or encryption. Therefore, unencrypted communications can be observed by other devices or an attacker. It also recognized that IoT devices may leak user data that is private, both from the cloud and between IoT devices.

To counteract the vulnerabilities it identified, BITAG offered several recommendations. Among other things, it recommended that IoT devices use best current software practices, including shipping with reasonably current software and having a mechanism for automated, secure software updates, as well as using strong authentication by default.  Additionally, BITAG recommended that IoT devices follow best practices for security and cryptography, including encrypting local storage of sensitive data and authenticating communications, software changes, and requests for data.  BITAG also recommended that the IoT device industry consider a cybersecurity program.

It remains to be seen whether manufacturers of IoT devices will invest in implementing the kind of recommendations suggested by BITAG. Until then, BITAG’s Report reiterates that this is an unresolved area of concern by highlighting ongoing security and privacy vulnerabilities of IoT devices.

For any questions you may have, please contact Matthew Foree at [email protected].


Be on the Lookout for Minimum Wage Increases in 2017

California Strengthens Data Breach Notification Law, Again

BITAG Releases Report Containing Security and Privacy Recommendations on Internet of Things Devices

San Francisco’s Paid Parental Leave Law

Learn more about FMG

CGL and Business Liability

Commercial and Complex Litigation

Construction and Design Law

Financial Services and Securities

Insurance Coverage & Bad Faith

Government Law

Labor and Employment Law

Professional Liability / Errors and Omissions

Freeman Mathis & Gary, LLP
100 Galleria Parkway
Suite 1600
Atlanta, Georgia 30339-5948

Tel: 770.818.0000 / Fax: 770.937.9960

Copyright © 2016 Freeman Mathis & Gary, LLP Click here to print the article.