News has surfaced that security researchers have discovered 23 vulnerabilities in the Circle with Disney monitoring software, which could be used to hijack full families of devices. Circle with Disney is touted as “the smart way for families to manage content and time online, on any device.” IT security experts comment below.
Christopher Littlejohns, EMEA Manager at Synopsys:
“The discovery of 23 vulnerabilities in a product specifically aimed at the control of internet access by family members highlights the ongoing struggle against security vulnerabilities. Whilst many development teams are no doubt putting at least some effort into securing their devices and software, it demonstrates that this is not just a research & development issue, but also an ongoing operational issue for companies that are selling similar products.
“The ability of researchers and, of course, hackers to find and exploit vulnerabilities in connected devices appears to be developing at a faster pace than the product developers. There are many reasons for this, but they tend to have their root cause in the lack of application of good practices during the design and development, and in the lack of attention post release. This allows hackers to find and target easily detected vulnerabilities with tried and tested techniques. As a minimum companies should apply those same techniques themselves both during and after product development.”
Cesare Garlati, Chief Security Strategist at the prpl Foundation:
“IoT consumers need to be aware of the security risks attached to IoT devices, of which there are many. IoT security as it stands today is broken and so the public should be wary of connected devices in the home. This simple reason alone should also be a warning to globally recognised companies who wish to distribute or manufacture such devices with a “sales-first” mentality. These companies need to take a step back, look at more secure alternatives, such as using open source and working in security from the ground up in their products. It’s high time for security to stop being an afterthought.”