Endpoint Security , Internet of Things Security , Open XDR

Why It's Illegal to Fix Your Internet-Connected Device

Kyle Wiens of iFixit Says Laws Affect Security Research,'Right to Repair'
Kyle Wiens founder, iFixit

If a manufacturer decides to stop supporting an internet-connected device, can you fix or patch the software yourself?

See Also: The Security Testing Imperative

If the fix involves circumventing encryption or other digital locks, it may be illegal under the U.S. Digital Millennium Copyright Act unless the particular device is exempt. The act affects security researchers, who could potentially be sued for bypassing technical protections.

Other hurdles are in place as well: Manufacturers often closely guard critical technical information, tools and parts that would make third-party repairs feasible.

As an example, Samsung produced refrigerators that integrated with Google Calendar, says Kyle Wiens, the founder of iFixit, a website offering insights on how to repair devices. Google updated the calendar API, but Samsung didn’t. The only way to restore the functionality is to jailbreak the fridge, which runs on Android, he says.

Wiens says there are growing "right-to-repair" movements in many countries that seek to loosen restrictions and open up the market for third-party repairs or do-it-yourself fixes.

“We have been working on trying to fix those laws and find exemptions to the laws to make it legal to jailbreak their refrigerator so that when you get your coffee in the morning you can find out when your first meeting is,” he says.

It’s also important for security reasons. The long lifespan of, for example, home appliances means that security updates for an internet-connected washer may be needed after the manufacturer has dropped support.

In this video interview, Wiens discusses:

  • How the Digital Millennium Copyright Act’s section 1201 affects security research;
  • Why manufacturers don’t have a good track record of patching IoT;
  • What legislative action is underway to address the "right to repair."

Wiens is the founder of iFixit. He testified before the U.S. Copyright Office, helping secure three-year exemptions from the DMCA’s section 120 to allow the jailbreaking of home assistants such as Alexa and the repair or modification of software running on tractors.


About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.