Pallone and Schakowsky told FTC Chairwoman Edith Ramirez in a joint letter published Thursday that FTC should urge manufacturers to patch vulnerabilities and require consumers to change default passwords during device setup to prevent botnet attacks.
They added the commission should also also warn consumers on security risks posed by unchanged default passwords on IoT devices in light of the distributed denial of service attack that affected access to multiple websites on Oct. 21.
“The FTC has an obligation to offer security warnings and make information on changing passwords easily accessible to consumers,” Pallone and Schakowsky said.
Forty percent of respondents in a survey said they are not confident with IoT devices’ safety and capacity to secure personal information while 50 percent did not change default passwords on their home routers, according to the two lawmakers.
Disruptions similar to the recent DDoS attack are likely to become more common and more botnets could take advantage of default passwords if device manufacturers do not implement security measures, Pallone and Schakowsky added.