Comment: Connected Toys Identified With Serious Security Flaws

By   ISBuzz Team
Writer , Information Security Buzz | Dec 11, 2019 06:31 am PST

It has been reported that a range of connected toys available on the high street and online have been found to include serious security flaws which could put children at risk of exposure to strangers and inappropriate content. That is the conclusion of research from consumer group Which? after testing of a series of popular ‘smart’ toys fitted with internet and Bluetooth connectivity.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Hagay Katz
Hagay Katz , VP Cybersecurity
December 12, 2019 8:48 pm

Toys have always been thought of as an innocuous and safe gift for a child but in the age of “smart toys,” these innocent gifts are more often than not gaping security loopholes for hackers to take advantage of. Their proliferation seemingly has no end with 5G’s promised speeds. The thought that a toy meant to comfort one’s child could be watching everything that’s happening inside a child’s room is a parent\’s worst nightmare. But the reality is that a number of unsuspecting families are already victims of such grievous crimes. The truth is, kids’ connected toys are collecting their owners’ private data and eavesdropping on their owners. Once a hacker is in, these seemingly safe devices can be used to spy and track little ones’ locations along with the rest of their family.

Consumers should be wary of products they are bringing into their homes to ensure they are properly protected and the devices are in fact secure. When new IoT devices and corresponding software are created, risk reduction is frequently an afterthought. It is not always a top priority for device makers to collaborate and create security measures with service providers since no initial implementation incentive is seen due to a lack of profit and competition on the security side of software development. Most devices suffer from built-in vulnerabilities and are not designed to run any third-party endpoint security software. For many consumers, cybersecurity has been synonymous with antivirus. But those days are long gone. A traditional AV solution is fine for programmable devices like laptops, desktops, and tablets, but it won’t work for “headless” devices that operate without a monitor, graphical user interface (GUI) like smart toys. These devices require protection at the network level rather than at the device level.

Now, smart homeowners are turning to Communications Service Providers (CSPs) to provide this level of security for their smart devices and children’s toys without any elaborate downloads or installations on the consumer’s end. Through machine learning techniques and visibility provided by the CSP, all the devices within the home are identified. A default security policy is then applied for each device and the home network is segregated to block lateral malware propagation to protect the home and the child from prying eyes. By simply adding a software agent on the subscriber’s existing Consumer Premise Equipment (CPE), ISPs can easily roll out a network or router-based solution that protects all the consumer’s IoT devices, headless or not, toys included.

Last edited 4 years ago by Hagay Katz
Boris Cipot
Boris Cipot , Senior Sales Engineer
December 11, 2019 2:34 pm

‘Smart’ devices are widely understood to be able to connect with other devices via the internet and/or utilise artificial intelligence. Unfortunately ‘smart’ doesn’t equal ‘secure’. As consumers, we’re often captivated by device functionality, so much so that we forget that these devices could potentially leave our home network vulnerable and our privacy compromised. Children’s toys are often neglected with regards to the security conversation – it’s almost instinctual to assume they’re secure, or at least protected with careful attention since they’re for children. However, assumptions such as these are where we find security gaps. We bring smart devices into our homes, unknowingly also welcoming the potential for attackers to prey on these security vulnerabilities.

When devices including children’s toys, home security cameras, baby monitors, smart locks—and the list goes on and on—lack authentication, authorisation and other minimum security requirements, there’s potential for attackers to strike. That could mean anything from spying on the goings-on within your home to data theft to a physical burglary.

And this will continue to be a concern as long as there isn’t a standard in which device manufacturers must satisfy before making these devices available to consumers. Smart devices are becoming an increasingly integral part of our lives around the world. In addition to standards, the evolution of these devices will depend greatly on user demand. Knowing this, before ordering a new smart device this holiday season for your child, or any family member for that matter, take into account the security impact the device can have and make security a part of your purchasing decision. Understanding that consumers value security as a feature is motivation for manufacturers to build security into their next generation of smart devices.

Last edited 4 years ago by Boris Cipot

Recent Posts

Would love your thoughts, please comment.x