The Star Wars BB-8 toy can be hacked via a firmware update hijack. Security researchers claim that the firmware update process is flawed because it takes place via HTTP. Paul Farrington, senior solution architect at Veracode, the application security specialist, has the following comments on it.
Paul Farrington, Senior Solution Architect at Veracode:
While news that the Star Wars BB-8 toy can be hacked is significantly less serious than the VTech breach, due to the lack of data collection features, this case once again demonstrates the vulnerable nature of connected devices in the home. As we are seeing with many IoT manufacturers, too many consumer technology companies just aren’t considering security as of primary importance to their core business. Many toy manufacturers are not used to the rigor around secure development that is essential in today’s environment and are inevitably falling short on security. While this vulnerability may not result in a data loss from the device owners, it once again highlights the threat posed to connected devices and why greater consideration must be given to security during product development.
Within the European Economic Area, parents are familiar with the CE Mark that appears on toy packaging. The CE logo is the manufacturer’s declaration that the product meets the requirements of the EC directives.
Sadly, this does not yet extend to the cyber safety of the device. Where connected devices have the ability to interact with our children, it’s vital that care is given to the software design onboard these play devices. In 2014 the media reported on a Russian website targeting the webcams of UK homes and businesses. In some cases, camera feeds from nurseries and children’s bedrooms were being streamed across the Internet without the owner’s knowledge due to weak security.
In the latest Star Wars Movie, BB-8 does everything possible to avoid capture by the evil First Order. In real life, a little more could be done to keep both the droid and child safe from hackers.

About Veracode
Veracode is a leader in securing web, mobile and third-party applications for the world’s largest global enterprises. By enabling organizations to rapidly identify and remediate application-layer threats before cyberattackers can exploit them, Veracode helps enterprises speed their innovations to market – without compromising security.
Veracode’s powerful cloud-based platform, deep security expertise and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.
Veracode serves hundreds of customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.