No Hack, Still Liable, Court Finds ADT

Author: IPVM Team, Published on Jun 20, 2017

Recently, ADT has been in the news for a $16 million settlement for a cyber security vulnerability class action suit.

One of the most important and interesting points behind this settlement is a court order that found ADT could be found liable even if no actual hacks were proven. Many could see this as counterintuitive since what 'damage' had occurred if there was no hack / incident?

In this note, we examine that court order, how the Court reached that conclusion and what impact it might have on manufacturers and providers generally.

********,*** *** **** ** *** **** *** * $** ******* settlement*** * ***** ******** ************* ***** ****** ****.

*** ** *** **** ********* *** *********** ****** ****** **** settlement ** * ***** ***** **** ***** *** ***** ** found ****** **** ** ** ****** ***** **** ******. **** could *** **** ** **************** ***** **** '******' *** ******** if ***** *** ** **** / ********?

** **** ****, ** ******* **** ***** *****, *** *** Court ******* **** ********** *** **** ****** ** ***** **** on ************* *** ********* *********.

[***************]

Executive *******

* ** ********** ******* *********** ** *** ********* *** *** ******* ********** *** ************* ******* ** ****** an ********** ** ** **:

*** ***** ********* **** ********* ************ ******* **** *** **** him * **** ** ******** ******* *** *** ********* ********* of ******** ***** ******* ** *********.

*** ********* / **** ***** ******, **** ******* ** ****** hack, ***** *** ***** ********* **** *** ******** (*** ****) should **** ********* *** ************* *** *** *** ************ ** so.

Industry *********

*** ********** ***** ********** ***** *** **** *** ******** **** about ***** *****:

*** ************ ***** ** ********* ** *** *** ******* **** the ******** ** ***** *** ******* **** ** *** ************* of ******** ******* **** ****** ********* ********** **** ***.

Consumers *** ******** ** ****

** *** **** ****, *** ********** ***** ***** **** ********* would *** ** ******** ** **** ** ***** *****:

**** ********* *** ************ ******* ******** ********* *** ****** **** "[w]hile *********** ********* ***** **** **** ****** *** ** *** possibility ** [* ******], **** ********* ***** *** **** ********* such * ******, *** ***** **** ** ******** **").

Rejects **** ** *******

*** ********* ** *********** ** ***** ** ****** ******** *** the ***** ******** ****, ******* **** * ******** ***** *** have ****** *** ******** ** **** ****:

* ****** **** *** ** ********* ** ** ********. ** is ********* ********* **** * ********** ******** ***** ****** ********** to *** **** **** ***** **** ******** ****** ***** ** easily ** ****** *** ********, **** ****** ****** ********* ** such *******.

General ********** ******** ************

*** ***** ******** *** ******** ***** ******* ********* ********, **** is:

"*** *** *** ******* ***** ******* ** ************** ** ***** is *********** *** *** ******" *** "** ***** ****** *** provide ******** ********** ** ********* ********** ** **** ** ******."

******* ** *********, *** ***** ***** ** *** *** ***** the ******** ****:

**** ******** ** *** * ********** ** *** ********* ******* fact, ****** **** ***'* ******** ******* *** ********** ** *******, jamming, *** ***** **********.

Misleading *********** / ********* ********* **** *******

*** ***** ************ ***** **** ***** ** ******** ************* ****** *********** *** (***)*** ************* ********* ***** ******** *** (****), **** ******** ** ******* ********* ******* ********** *********** *** deceptive **** ** *********.

Industry ******?

**********: **** **** *** ***** ***** ****** *** ********** ********** one's *********.

**** * ******** ***********, ** **** ***** ********. **** ***** suppose ***** ******** ***** *** **** ** ***** ** ** actual ******* / **** / ****** ******. **** ***** ****, as **** ** *** *****'* ******* ******* *-****'* ** *******, *** ******** ** ************* ** ********* ****** ***** ***** and ********* ********* *** *********** ********** ****** ***** *** ******** risks *** ******** ***.

*** ************ *********** ********** ****** ** ***'* ***** **** ($* - $* ******* ****** *******) ******** **** ********. **** ********* that *** ******* *** *** ******* ********** ***** / ******** efforts ** ****** **********. ********, ** ** ******** **** ***'* monthly ******* ******* ***** ******** **** *** ** ********* ****** vs ******** ************* **** **** ******** *** * ***-**** ******.

**** ***********, **** **** *********** **** * ******** ****** (*.*., security ********) *** ***** (*.*., ***** ******** *****) ***** ** used ** ****** ** *** * ******** **** ** *** buyer *** *** ******** **** ******, *** ****** ****** **** they ***** *** **** ****** * ******* ******** ** *** supplier *** ******** ********* / ****** ******** ***** ********. **** is *** **** ** **** **** ********* ****** ********* ********.

Comments (19)

**'* * **** *********** ****, *** ** ************** ** **** any ****** **** *** ****, ***** *** *************, ** ********* to *** ******** **** **** * ********** **** ** *** be ******. **** ******** ***** ** **** *****, *******/********, *** "smart" ******* ** *** ******, ***. **** ** *** ******** they *** * ******** ****** *** ******* **** * ******* providing ********* *** ***** ** *****, *** **** **** ***** that **** ******** ****** *** *********** ******* ** *** ******** was ******* **** * *******.

** ************** ** **** *** ****** **** *** ****, ***** any *************, ** ********* ** *** ******** **** **** * disclosure **** ** *** ** ******

** ************** (***** ** "*** ***** ******** *** ******** ***** ******* ********* ********")*** **** ** ********* ******** ** ***** (*.*., *********** ********), it ***** ** ** ************ *********, *** ****** * ******* 'anything *** ** ******' *********.

* *** **** ** ** ************* ******* ** *** ***** strategy. **** * **** ** **** ********** ******** ** ** country (***** ****) ** ****** ******* ** ******** - **** had ** ** ****** ** *******- **** *** ******* ***** system *** ********** ******* *** *** ** ********* ******. ** offered ******* ** * *** ** ***** *********** ** ** intrusion *** **** ***** *********** ** **** *********** ***** *** never ****.

**** *** ** ** ****** ** *******- **** *** ******* alarm ****** *** ********** ******* *** *** ** ********* ******.

*****, ** **** ****, ** ************* ** **** **** * disclosure / ********* ***** *** **** **** * **********, ***** neither *** *** *** ******** ****** **** *** ****** *** an ********* ******.

* ** *** **** **** *** ******** ********* *********** **** are ** ***** ****, *** ** *** ***, ***** *** a **** ****** ** **** **** *** ***** *** *** laws **** *** ******* / ******* **** *****.

**** ** ****. *** ******** *** ****** ** **** ******** language ** ** ******** *** *** ** **** **** **** for *****.

** **** ** *********** ** **** *** ******* **** **** be ** * ****** ** **** ******.

**** *** ******** * ***** ** *** ****** *****, *** increase ** ********* *** ************ *** *********** **** **** ********. There *** ****** **** ******* ** *** ****** ******, **** considerations *** *** ********** ** *** ****, *******, **** ***** set * ********* **** **** ****** **** ***** ******* ********** to *** ******** ** ********* ***** ********.

*** ** *** *** ********* * **** **, "*** ** really ***********?"

- *** *********** (*** ***** **** ** **** ****)

- *** **********

- ** ***********

- ***-****... ***.

** ** ****** ** ************ ********* *******, *** ********* *** challenges ** ***** ** ** ********.

* ** *** **** ** **-**** *** ****** ****** ** manufactures ***************, ******* * ***** ***** **** *** ************ *** integrators **** ** *** * ***** ****** ** *** ** respond ** ***** ******, *** **** **** * ********* ***********, but **** **** * ********* **********.

* ***** **** ***** ******** ** * ********** ***** ** SSN's **************** ********** ******* **** ****. *** ***** *** ** impressive ********** ** ******** ******** *** ***** ******** *** * consensus **** *** ************** ** ******.

"******" ******** **** **** ** **** *** ***** *** ****** when ** **** *** *** *** ** *** ***** **************. Almost ** **** ** ****** **** ********** ***.

*** ********* ** *********** ** ***** ** ****** ******** *** the ***** ******** ****, ******* **** * ******** ***** *** have ****** *** ******** ** **** ****:

****'* ***** ** **** ** *********** ****** ** *** **** counters *** ******* **** ** ********* ****** **** ** *********** the *******. *** ****** ***** ***** "** ** **** ****** $1M ** ********, *** ****** *** ******* ***** $*.**, **** to **** ***** *** ******* *****". * ***** **** ** a ***** **** ** *** *** ****** ******** ** ** this ****, *** **** *** ******* ****** *** ** ****** to ***** **** **** ** ********.

*** ***** **** *** ******** ***** ***** ******* *********

******* ****** **** * ***** ****** **** ******* ********* *** dahua

***** ******** *** *** ****** ********

***** ******** *** * **** ** **** *** ******** ******** has **** ******* ***** *****

*** *** ***** *** ** ***** **** ***

**** **** ***** ******** *** *******

* ****** ** * **** ** *** *********** ********, ***** the ******** ******* ** ********** *****:

  1. WIRELESS *** ******** ****** ************: Subscriber is responsible for supplying high speed Internet access and or wireless services at Subscriber's premises. RADIUS does not provide Internet service, maintain Internet connection, wireless access or communication pathways, computer, smart phone, electric current connection or supply, or in all cases the remote video server. In consideration of Subscriber making its monthly payments for remote access to the system RADIUS will authorize Subscriber access. RADIUS is not responsible for Subscriber's access to the Internet or any interruption of service or down time of remote access caused by loss of Internet service, radio or cellular or any other mode of communication used by Subscriber to access the system. Subscriber acknowledges that Subscriber's security system can be compromised if the codes or devices used for access are lost or accessed by others and RADIUS shall have no liability for such third party unauthorized access. RADIUS is not responsible for the security or privacy of any wireless network system or router. Wireless systems can be accessed by others, and it is the Subscriber's responsibility to secure access to the system with pass codes and lock out codes. RADIUS is not responsible for access to wireless networks or devices that may not be supported by communication carriers and upgrades to subscriber system will be at subscriber's expense.

** **** ***** ********* ******* ***** ******** ** *** ********* the ******** *******, ** *** ******** ******* ** ********** ** the ******** **** *** ********* *********. * ***** ***** ********* need ** ******* *** ********* **********.

******,

****** *** *******. * ** *** **** **** *** ******* you ****** ** ******* ** **** *****, *.*.:

********** ** *********** *** ********* **** ***** ******** ****** *** or ******** ******** ** **********'* ********....

****** ** *** *********** *** *** ******** ** ******* ** anywireless ******* ****** ** ******. Wireless systems can be accessed by others, and it is the Subscriber's responsibility to secure access to the system with pass codes and lock out codes. [IPVM highlighted]

*** *** * **** **** ** **** ** ** * disclaimer ***** *** ****'* *** ******** *******, *** *** ******** communications ******** / **** ** *** ***** ******. ** *** ADT ****, **** *** ****** **** *** *** ******'* *** wireless *** ********, *** *** *********'* ******** *******.

*****/********? ** * ******* *********?

*******, * ***** ************ ***** **** *** ** **** ** was ******** * ********** ***** **** *****.

* *** ******* * ******* *****. **** * *** ****** to *** ** ** **** *** ******** ********** **** ** ADT *** *********** ********* *** ****** *********** ***** *** ******** or **** ** ******** ** ********* ** *** ***** ****** 9. ** **** ***** *** *** ***** **** ******** ************ than *** ***** ********, ****** *** ** ***** ******* ****** contracts. * *** **** ******* ***** ******* ********* (**** **** users) *** **** **** ******* ** ******* **** *** ***** industry *** ******** ***'* **** ********* ** ***** *** ***** of ********* ******** **** ****:

*. * ******** **** ** ****** *** *** ****** ******** is ****** *** *** ******, **** ****** ** ** ****** by *** ********* *** *********, *********, *********,...

*. **** ** * ***** **************, ** ********** ******* ** a ******** **** ***** ******.

*. ********* ****** ** ****** ********* ** *** *******.

*** *** ******** *** ** *** ****.

********* *** *** ******** **** ** ******* ******* **** *** big **** (******, *****, *********) *** *****.

* ******** **** ** ****** *** *** ****** ******** ** blamed *** *** ******, **** ****** ** ** ****** ** the ********* *** *********, *********, *********,...

**, *** ** ** *****, *** *** / *********** **** is *** ***** * **** ********* ** ***, **** *** title ** **** **** - '** ****, ***** ******'.

* ** *** ********** *** ******* *** *********. * ** emphasizing **** ***** ******* *** *** ****** ** ****** *** case ** **** ****, ******* **** ** ***** ***** / misleading ***********, *** ****** **** * ****.

*** ***** ** **** ** *** ******* ** ******** ***** systems *** *** ********* **** ******* ***** **** **** *** ADT ******* ***** *** ******** ************ *** ** ******* *** manipulate *** ****** ** *** ***** ****** ** ****** ***** an ***** ** ****** * ******** ** ******* *** ****** by **** **** ** *******.

***** ** *** ******* ** *** **** ***** ** *** been **** ************ ****** ** * ********** *****, *** *** some ****** ** ********** ** *** ***.

*******: * **** *** * ***** **** *** **** * significant ****** ** **** ********* ******** ** ******* ******* **** does *** **** **** ***** **** *** **** ****.

* ***** ***** *** ***** *** ** *** ******** *** that ***** **** *** **** ********** ** *** ***** **** not **** *** ***** ****** ** * ****.

******** ** * **** ***** ******** ** ******* *******.

*******: * **** *** * ***** **** *** **** * significant ****** ** **** ********* ******** ** ******* ******* **** does *** **** **** ***** **** *** **** ****.

** *** **** **** ********* ******** **** *** ************ ****** you * ****** ***** **** *** ****** ** **** ***, the ******** ***** ** **** ** *** *** **** ** their ***** ****'* **** ****. *** **** ******** ***** ****** you ** ******, ***. ****'* **** ********* ** **** ******** here.

* **** **** *** *** *** ***** *** **** **** it

****** *** ******** ******** *** ** *** *****

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Chinese Government Hikvision Surveillance System On US Government Network on Jan 18, 2018
Hikvision, the Chinese government-owned manufacturer, has publicly claimed that their products are running on a US government network. Moreover,...
Hikvision Removed From US Army Base, Congressional Hearing Called on Jan 12, 2018
Hikvision has been removed from a US Army Base and a US congressional committee is planning a hearing on cybersecurity risks and specifically,...
CES 2018 Show Final Report on Jan 12, 2018
This is IPVM's final edition of our 2018 CES show report. Below are already numerous images and commentary, with more coming tomorrow.   CES is...
Hikvision Declares 'Never Click On Links In Emails' on Jan 09, 2018
Hikvision is stepping up its cybersecurity efforts with a clear recommendation - to never click on links in emails: It is a surprising change...
The Interceptor Aims To Fix Vulnerability In Millions of Alarm Systems on Jan 08, 2018
Security executive Jeffery Zwirn claims a 'catastrophic' flaw exists in 'millions of alarm systems', and dealers could be liable if not fixed. The...
Chinese Government Attacks Western Reports on Jan 03, 2018
The Chinese government is angry at the BBC and WSJ's reporting on Chinese video surveillance (see BBC Features Dahua and WSJ Investigates China's...
Amazon Acquires Blink on Dec 22, 2017
Amazon has made their first significant acquisition in the connected home space, buying wire-free camera manufacturer Blink. We examine Amazon's...
Hacked Hikvision IP Camera Map on Dec 18, 2017
The interactive map below shows a sample of hacked and vulnerable Hikvision IP cameras across the USA. Hover over a marker to see an image from...
Directory of VSaaS / Cloud Video Surveillance Providers on Dec 15, 2017
This directory provides a list of VSaaS / cloud video surveillance providers to help you see and research what options are available. 2018 State...
Testing DMP XTLPlus / Virtual Keypad Vs Alarm.com & Honeywell on Dec 13, 2017
DMP has a strong presence in commercial intrusion alarms, but not in residential. However, the company's XTLPLus wireless combo panel and Virtual...

Most Recent Industry Reports

Chinese Government Hikvision Surveillance System On US Government Network on Jan 18, 2018
Hikvision, the Chinese government-owned manufacturer, has publicly claimed that their products are running on a US government network. Moreover,...
Camera Course - Last Day - Save $50 on Jan 18, 2018
Today is the last day to save $50 - register now. Learn video surveillance and get certified. Save $50 on the course, ending this Thursday the...
VSaaS Usage Statistics 2018 on Jan 18, 2018
VSaaS has been a 'next big thing' for more than a decade. The prospect of managing, storing and streaming video from the cloud rather than...
Vivint Streety Video Strengthens Door Knocking on Jan 17, 2018
Vivint is famous (or infamous depending on your perspective) for mastering large scale door to door selling. The company has skyrocketed from a...
Axis: "It’s A Question Of Trust And Who You Want To Be Associated With" on Jan 17, 2018
Who do you trust? Who do you want to be associated with? Axis is raising hard questions to start 2018. In this note, we examine these questions,...
Software House Vulnerability Allows Inside Attacker To Open Doors on Jan 17, 2018
A vulnerability in Software House IP-ACM modules allows an attacker to potentially unlock doors, or perform other actions, on affected systems....
'Defiant' Hikvision 'Strikes Back' At WSJ And US on Jan 16, 2018
The fight is on. Hikvision and their owner, the Chinese government, 'strikes back' against the Wall Street Journal and US politicians raising...
The 2018 Surveillance Industry Guide on Jan 16, 2018
The 300 page, 2018 Video Surveillance Industry Guide, covering the key events and the future of the video surveillance market, is now available,...
Edward Snowden Haven App Tested on Jan 16, 2018
Global coverage followed the December 2017 announcement that Edward Snowden was leading a team developing Haven, an app "that leverages on-device...
This High Schooler Is Excited About His Future Security Career on Jan 15, 2018
A common lament is that smart, young people have little interest in surveillance systems. In fact, discussions like Should Talented Young People...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact