In “Smart toys may be a dumb purchase”, I highlighted a Register article about woeful security in Internet of Things (IoT) items. Here are a couple of links to more stories along the same lines. However, in these cases, it looks as if the companies were aware of the risks – well aware of the risks, having in one instance received repeated, knowledgeable warnings – but ignored them. Shocking behavior.
Will the marketplace sort these companies out, or will there be legislation? The latter course is rarely successful with technology, but some may argue there has to be some kind of specific backstop to prevent companies behaving in such an apparently reckless fashion.
The Internet of Things, with connectivity and data transfer operating in non-computer household items – like fridges, cars, and toys, for example – means that issues of security, confidentiality, and so on, need to be addressed by whole swathes of industry that are rather inexperienced in these areas. I have heard several stories of producers who include a security review as one of the last things on the production timeline, whereas most experts seem to highlight the need for security to be built into products from the very beginning.
The Register has an interesting item about two toys that seem to have been produced with security flaws, leaving users – OK, the child users – and their families as targets for data theft, surveillance, and who knows what other misfortune.
One flaw found in a toy watch:
“…created a possible means for hackers to add their account to a family’s user group, enabling them to see the child’s location, history, profile details and even to message them.”
It highlights how insidious and potentially dangerous the Internet of Things (IoT) is. Expect more stories like this, as the IoT is only going to become more extensive, and it’s unlikely security performance by producers will improve. At least in the cases referred to, the companies involved were praised:
“…for a prompt reaction and response to the reported problems. Other IoT toy vendors should take lessons from the incident and endeavor to bake in basic security controls into products…”
Manufacturers of the world, you have been warned!