David Emm, principal security researcher at Kaspersky Lab, responds to recent reports discussing how the My Friend Cayla doll can be hacked. Within his comments, David outlines his thoughts on what both manufacturers and consumers must do to help protect themselves for risks like this.
“The recent reports discussing how the My Friend Cayla doll can be hacked offer another scary example of how everyday objects can be remotely-controlled using computer technology.
“I believe there are two sides to this problem. Firstly, manufacturers need to provide a secure framework for interacting with such devices – in this case, a child’s play-thing. The reports suggest that there’s no PIN to establish a secure pairing of the doll with the app. Secondly, parents need to secure devices (including smartphones and tablets) that they use to control everyday objects to ensure their children aren’t exposed. This includes objects around the house (e.g. a smart meter) but also less obvious devices such as toys. The reports on the My Friend Cayla doll follow recent hacks on devices such as webcams and baby monitors – familiar, everyday objects that can now be accessed remotely – by a potential attacker, if the connection isn’t secured adequately.
“This particular case underlines the potential danger of the Internet of Things. Of course, the benefits that flow from an ‘Internet of Things’ are much more evident than the potential dangers. But those developing and implementing the technologies that lie behind the ‘Internet of things’ need to ensure that security is a priority from the outset. The bottom line is that if a device is connected, there’s a risk of it being intercepted if it isn’t secured.