David Emm, principal security researcher at Kaspersky Lab, responds to recent reports discussing how the My Friend Cayla doll can be hacked. Within his comments, David outlines his thoughts on what both manufacturers and consumers must do to help protect themselves for risks like this.
“The recent reports discussing how the My Friend Cayla doll can be hacked offer another scary example of how everyday objects can be remotely-controlled using computer technology.
“I believe there are two sides to this problem. Firstly, manufacturers need to provide a secure framework for interacting with such devices – in this case, a child’s play-thing. The reports suggest that there’s no PIN to establish a secure pairing of the doll with the app. Secondly, parents need to secure devices (including smartphones and tablets) that they use to control everyday objects to ensure their children aren’t exposed. This includes objects around the house (e.g. a smart meter) but also less obvious devices such as toys. The reports on the My Friend Cayla doll follow recent hacks on devices such as webcams and baby monitors – familiar, everyday objects that can now be accessed remotely – by a potential attacker, if the connection isn’t secured adequately.
“This particular case underlines the potential danger of the Internet of Things. Of course, the benefits that flow from an ‘Internet of Things’ are much more evident than the potential dangers. But those developing and implementing the technologies that lie behind the ‘Internet of things’ need to ensure that security is a priority from the outset. The bottom line is that if a device is connected, there’s a risk of it being intercepted if it isn’t secured.
David Emm is Principal Security Researcher at Kaspersky, a provider of security and threat management solutions.
David joined Kaspersky in 2004. He is a member of the company's Global Research & Analysis Team (GReAT) and has worked in the anti-malware industry since 1990 in a variety of roles, including that of Senior Technology Consultant at Dr Solomon's Software, and Systems Engineer and Product Manager at McAfee.
In his current role, David regularly delivers presentations on malware and other IT security threats at exhibitions and events, highlighting what organisations and consumers can do to stay safe online. He also provides comment to broadcast and print media on the ever-changing cyber-security and threat landscape. David has a strong interest in malware, ID theft and the human aspects of security, and is a knowledgeable advisor on all aspects of online security.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.