Following the news that Amazon and eBay are among retailers pulling a brand of cuddly smart toys from sale after warnings they pose a cyber-security threat, Keiron Shepherd, Senior Security Systems Engineer (UK & I) at F5 Networks commented below.
Considering the regulations and laws in place to safeguard children’s privacy, consumers might assume electronic devices and connected toys are safe, but instead they pose a serious privacy risk. With each new cyber threat brought to light, it becomes more clear that we cannot trust manufacturers to take care of our security.
Keiron Shepherd, Senior Security Systems Engineer (UK & I) at F5 Networks:
“The CE certification mark on products indicates conformity with health and safety protection standards in the EEA. However, consumers seeing this mark are falsely assuming connected toys have had the right level of tests carried out against software running on the product. The hacking threat posed by smart toys remind us of recent claims that smart assistants are listening to and recording user’s conversations to gather this data.
“Retailers must view this as a warning to impose a minimum level of security that manufacturers must meet before they commit to stocking and selling goods. In the U.S., an IoT cybersecurity act is being introduced, meaning all devices must meet a certain standard, with no default passwords and robust firmware that can be patched. The onus cannot stay with retailers, as consumers should take heed and be fully aware of the consequences that bringing new connected devices into their homes brings.
“Toys are just another example of the ever increasing devices that are appearing on the internet, which can be used as weapons to take down websites and servers in malicious DDoS attacks.”