The Internet of Things, with connectivity and data transfer operating in non computer household items – like fridges, cars, and toys, for example – means that issues of security, confidentiality, and so on, need to be addressed by whole swathes of industry that are rather inexperienced in these areas. I have heard several stories of producers who include a security review as one of the last things on the production timeline, whereas most experts seem to highlight the need for security to be built in to products from the very beginning.
The Register has an interesting item about two toys that seem to have been produced with security flaws, leaving users – OK, the child users – and their families as targets for data theft, surveillance, and who knows what other misfortune.
One flaw found in a toy watch:
“…created a possible means for hackers to add their account to a family’s user group, enabling them to see the child’s location, history, profile details and even to message them.
It highlights how insidious and potentially dangerous the Internet of Things (IoT) is. Expect more stories like this, as the IoT is only going to become more extensive, and it’s unlikely security performance by producers will improve. At least in the cases referred to, the companies involved were praised:
“…for a prompt reaction and response to the reported problems. Other IoT toy vendors should take lessons from the incident and endeavor to bake in basic security controls into products…”
Manufacturers of the world, you have been warned!