The Federal Trade Commission (FTC) has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be “unbreakable.”
Toronto-based Tapplock, Inc. is an Internet of Things (IoT) technology company that provides smart security solutions for both business and end-users alike. It sells Internet-connected smart fingerprint padlocks that interact with users’ mobile devices when within Bluetooth range.
According to the FTC, although the company advertises its locks as highly secure, these devices are not secure. Moreover, the commission claims that Tapplock hasn’t taken reasonable precautions, and failed to follow industry best practices and keep collected consumer data secure.
Personal information collected by the Tapplock app includes usernames, email addresses, profile photos, and the smart lock’s precise location.
Security researchers have identified both physical and electronic vulnerabilities in Tapplock’s devices, allowing easy access to attackers. Moreover, users cannot effectively revoke access to their locks and the account authentication process can be bypassed, resulting in leaked personal information.
In its complaint, the FTC also alleges that Tapplock failed to take the necessary measures that would have helped it identify electronic vulnerabilities in its locks.
Last week, the agency approved a settlement initially announced in April. The settlement requires Tapplock to implement a security program and prohibits the company from misrepresenting its privacy and security practices.
Furthermore, the IoT provider is required to subject its information security program to third-party assessments every two years, and the commission has authority to approve the assessor for each two-year period.
“After receiving no comments, the Commission voted 5-0 to finalize the settlement,” the FTC announced.
Related: Massachusetts, Indiana Settle With Equifax Over 2017 Data Breach
Related: InfoTrax Settles With FTC Over Data Breach
Related: Tech Companies Partner to Securely Connect IoT to Cloud
More from Ionut Arghire
- Google Leads $16 Million Investment in Dope.security
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- CISA, NSA Issue Guidance for IAM Administrators
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
Latest News
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
