Why It's Illegal to Fix Your Internet-Connected Device
Kyle Wiens of iFixit Says Laws Affect Security Research, 'Right to Repair'
If a manufacturer decides to stop supporting an internet-connected device, can you fix or patch the software yourself?
If the fix involves circumventing encryption or other digital locks, it may be illegal under the U.S. Digital Millennium Copyright Act unless the particular device is exempt. The act affects security researchers, who could potentially be sued for bypassing technical protections.
Other hurdles are in place as well: Manufacturers often closely guard critical technical information, tools and parts that would make third-party repairs feasible.
As an example, Samsung produced refrigerators that integrated with Google Calendar, says Kyle Wiens, the founder of iFixit, a website offering insights on how to repair devices. Google updated the calendar API, but Samsung didn’t. The only way to restore the functionality is to jailbreak the fridge, which runs on Android, he says.
Wiens says there are growing "right-to-repair" movements in many countries that seek to loosen restrictions and open up the market for third-party repairs or do-it-yourself fixes.
“We have been working on trying to fix those laws and find exemptions to the laws to make it legal to jailbreak their refrigerator so that when you get your coffee in the morning you can find out when your first meeting is,” he says.
It’s also important for security reasons. The long lifespan of, for example, home appliances means that security updates for an internet-connected washer may be needed after the manufacturer has dropped support.
In this video interview, Wiens discusses:
- How the Digital Millennium Copyright Act’s section 1201 affects security research;
- Why manufacturers don’t have a good track record of patching IoT;
- What legislative action is underway to address the "right to repair."
Wiens is the founder of iFixit. He testified before the U.S. Copyright Office, helping secure three-year exemptions from the DMCA’s section 1201 to allow the jailbreaking of home assistants such as Alexa and the repair or modification of software running on tractors.