Staff at the FTC’s Bureau of Consumer Protection (BCP) have warned that poorly secured IoT devices could result in consumer safety hazards.

In a comment to the Consumer Product Safety Commission (CPSC) about potential IoT safety issues, the BCP underlined that

poor security in IoT devices might create technology-related hazards associated with the loss of critical safety function, loss of connectivity, or degradation of data integrity. For example, a car’s braking system might fail if infected with malware, or carbon monoxide or fire detectors could stop working if they lose their Internet connection.

Recommendations included the CPSC considering how companies might enable sign-ups for safety-related communications, notifications and product recalls. The comment also outlined the FTC’s educational and enforcement work related to IoT security, including guidance on how to address privacy and security risks.

For any IoT safety regulations that CPSC might implement, the BCP recommend using a technology-neutral approach, flexible enough to handle constant innovation. If the CPSC considers certification requirements, the BCP suggested requiring manufacturers to make their own standards public, to improve transparency and subject firms to the FTC Act, which prohibits misrepresentation of security practices in certifications.

The Commission voted 5-0 to authorize staff to file the comment.