The Internet Crime Complaint Centre (IC3), a division of the FBI, has issued a public service announcement about the inadequate security and privacy protections provided by manufacturers of Internet-connected smart toys, also known as IoT toys. The announcement follows numerous reported incidents in which smart toys leaked the personal details of small children and vulnerabilities allowed hackers to spy on them. Security experts from the prpl Foundation and Plixer comment below.
Cesare Garlati, Chief Security Strategist at the prpl Foundation:
“With so many incidences involving IoT and security, it’s no surprise toys are a target for hackers and now the FBI has taken notice. The security behind IoT is non-existent as developers and manufacturers bypass security to get the latest products to market. It’s an age-old cycle that of course profits the manufacturers while putting consumers in harm’s way. But there are major players in the space stepping up and attempting to solve some of the biggest problems with connected device security.
At the prpl Foundation, we have created a guide to address the security issues with IoT within the home. We are also working with industry, regulators and government bodies to educate them on how to make the necessary changes to make IoT security a priority. This is where we will see a difference in a safer and more secure Internet of Things.”
Michael Patterson, CEO at Plixer:
“Expecting consumers to do their homework before making an Internet-connected toy purchase isn’t going to happen. Our government needs to step in and establish laws surrounding the collection of big data. Similar to how the FDA requires a Nutrition Facts label on food packages, consumers need a Collection Facts label that outlines what information is being gathered about them. Details should also include how often the data is gathered, how to turn the collection off, where software updates can be found and what the data is used for beyond vague answers such as ‘improving customer experience’. Restrictions need to be placed on the current vague and very one-sided End User License Agreements (EULA) to protect the consumers’ privacy.”