In order to prevent the long-term consequences of insecure IoT devices resulting in property damage, theft, or even physical harm to people, tech industry body the Online Trust Alliance (OTA) has called on the technology sector, businesses and industry, the government and consumers to come together to "avoid digital disaster".
Likening the risk to global warming or industrial pollution, the OTA warns that there will be long-term consequences resulting from failure to deal with IoT threats and that lack of action has already "created a treasure chest ripe for abuse by white collar criminals, terrorists, and state-sponsored actors as IoT devices become weaponized".
"All too many connected devices sold, ranging from automobiles and thermostats to children's toys and fitness devices, have insecure remote access and controls. By default many collect vast amounts of personal and sensitive information which may be shared and traded on the open market," warns the report, which notes how many of these devices don't have the functionality to remove personal data if they are sold or lent out.
If this sort of risk isn't curbed, the OTA suggests that we could get to the point where people could issue commands to devices in the home or workplace by yelling through a window or leaving a message on an answer machine. If they ask devices to unlock the doors, outsiders could potentially walk right in.
"It does not take much imagination to realize the risk and impact of physical harm which could occur," the report warns.
In order to combat this risk, the OTA calls for both the public and private sectors to work together to ensure security is built into Internet of Things devices as "all stakeholders bear a responsibility". This includes retailers, developers, ISP providers, regulators, government, and consumers.
The OTA argues that the IoT shows a lot of promise, but in order to protect users, action is needed now to "maximize the security, privacy and vitality of all IoT devices"
"Acting now will help prevent and mitigate the risk of a digital disaster. We all have a role and responsibility to address security and privacy," the report said.
It said retailers and resellers should help "in setting baseline security and privacy measures for the products they profit from". Meanwhile developers and manufacturers should disclose their security support commitment to users prior to purchase and "clearly articulate their security and privacy policies".
In addition, sellers of homes and cars should be encouraged to disclose all such devices and features, disable their access, and provide new owners the ability to re-set them, turn in their physical and digital keys, and remove all personal data.