Monday, September 25, 2023
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Internet Of Things

Toys behaving badly: How parents can protect their family from IoT threats

Researcher by Researcher
September 9, 2022
in Internet Of Things
0
Toys behaving badly: How parents can protect their family from IoT threats
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


It pays to do some research before taking a leap into the world of internet-connected toys

The Internet of Things (IoT) is changing the way we live and work. From smart pacemakers to fitness trackers, voice assistants to smart doorbells, the technology is making us healthier, safer, more productive and entertained.

Related articles

Intel Reveals New 288-Core Sierra Forest CPU, Core Ultra Processors at Intel Innovation 2023

Intel Reveals New 288-Core Sierra Forest CPU, Core Ultra Processors at Intel Innovation 2023

September 21, 2023
Old routers reveal corporate secrets

Old routers reveal corporate secrets

September 16, 2023

At the same time, it has also provided opportunities for manufacturers to market flashy new toys for our children. The global market for smart toys is set to see percentage growth in the double digits, to exceed US$24 billion by 2027. But when connectivity, data and computing meet, privacy and security concerns are never far away.

Chances are that you, too, are considering buying one of these toys for your children and so encourage their learning and creativity. However, to protect your data and privacy (and your child’s safety!), it pays to do some research before taking a leap into the world of connected toys.

What are smart toys and what are the cyber-risks?

Smart toys have been around for several years. Like any IoT device, the idea is to use connectivity and on-device intelligence to deliver more immersive, interactive and responsive experiences. This could include features like:

  • Microphones and cameras that receive video and audio from the child
  • Speakers and screens to relay audio and video back to the child
  • Bluetooth to link the toy up to a connected app
  • Internet connectivity to the home Wi-Fi router

With this kind of technology, smart toys can go beyond the inanimate playthings most of us grew up with. They have the power to engage children through back-and-forth interaction and even acquire new functionality or behaviors by downloading additional capabilities from the internet.

Unfortunately, manufacturers can skimp on safeguards in the race to market. As a result, their products could contain software vulnerabilities and/or allow insecure passwords. They might record data and send it covertly to third-party, or they could require parents input other sensitive details but then store them insecurely.

When toys go bad

There have been several examples in the past of this happening. Some of the most notorious are:

  • The Fisher Price Smart Toy Bear was designed for children aged 3-8 as “an interactive learning friend that talks, listens, and ‘remembers’ what your child says and even responds when spoken to.” However, a flaw in the connected smartphone app could have enabled hackers to gain unauthorized access to user data.
  • CloudPets allowed parents and their kids to share audio messages via a cuddly toy. However, the back-end database used to store passwords, email addresses and the messages themselves was stored insecurely in the cloud. It was left publicly exposed online without any password to protect it.
  • My Friend Cayla is a child’s doll fitted with smart technology, enabling children to ask it questions and receive answers back, via an internet lookup. However, researchers discovered a security flaw which could allow hackers to spy on children and their parents via the doll. It led the German telecoms watchdog to urge parents to bin the device over privacy concerns. Much the same happened with a smartwatch called Safe-KID-One in 2019.

In Christmas 2019, security consultancy NCC Group ran a study of seven smart toys and found 20 noteworthy problems – including two that were deemed “high risk” and three that were medium risk. It found these common issues:

  • No encryption on account creation and log-in process, exposing usernames and passwords.
  • Weak password policies, meaning users could choose easy-to-guess login credentials.
  • Vague privacy policies, often non-compliant with the US Children’s Online Privacy Protection Rule (COPPA). Others broke the UK’s Privacy and Electronic Communications Regulations (PECR) by passively collecting web cookies and other tracking info .
  • Device pairing (i.e., with another toy or app) was often done vie Bluetooth with no authentication required. This could enable anyone within range to connect with the toy to:
  • Stream offensive or upsetting content
  • Send manipulative messages to the child
  • In some cases (i.e., kids’ walkie talkies) a stranger would only need to buy another device from a store to be able to communicate with children in the area with the same toy.
  • Attackers could theoretically hijack a smart toy with audio capabilities to hack smart homes, by sending audio commands to a voice-activated system (i.e., “Alexa, open the front door”).

How to mitigate the privacy and security risks of smart toys

With smart toys representing a certain degree of security and privacy risks, consider the following best practice advice to counter the threats:

  • Do your research before buying: Check if there’s been negative publicity or research done on the model’s security and privacy credentials.
  • Secure your router. This device is central to your home network and talks to all of your home’s internet-connected devices.
  • Power down devices: When not in use, power the device down to minimize risks.
  • Familiarize yourself with the toy: At the same time, ensure that any smaller children are under supervision.
  • Check for updates: If the toy can receive them, ensure it’s running the latest firmware version.
  • Choose secure connectivity: Ensure that devices use authentication when pairing via Bluetooth and use encrypted communications with the home router.
  • Understand where any data is stored: And what reputation the company has for security.
  • Use strong and unique passwords when creating accounts.
  • Minimize how much data you share: This will reduce your risk exposure if the data is stolen and/or the company is breached.

Smart toys can indeed be educational and entertaining. By ensuring first that your data and kids are safe, you’ll be able to sit back and enjoy the fun.



Source link

Tags: badlybehavingfamilyIoTparentsprotectThreatstoys
Share76Tweet47

Related Posts

Intel Reveals New 288-Core Sierra Forest CPU, Core Ultra Processors at Intel Innovation 2023

Intel Reveals New 288-Core Sierra Forest CPU, Core Ultra Processors at Intel Innovation 2023

September 21, 2023
0

Plus, Intel makes progress on its plan to revolutionize manufacturing with the 18A process node slated for 2024. Intel Core...

Old routers reveal corporate secrets

Old routers reveal corporate secrets

September 16, 2023
0

ESET Research When decommissioning their old hardware, many companies 'throw the baby out with the bathwater' 18 Apr 2023  • ...

Will you give X your biometric data? – Week in security with Tony Anscombe

What was hot at RSA Conference 2023? – Week in security with Tony Anscombe

September 16, 2023
0

Video The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT...

Will you give X your biometric data? – Week in security with Tony Anscombe

Key findings from ESET’s new APT Activity Report – Week in security with Tony Anscombe

September 16, 2023
0

Video What have some of the world's most infamous advanced threat actors been up to and what might be the...

5 free OSINT tools for social media research

5 free OSINT tools for social media research

September 16, 2023
0

Social Media A roundup of some of the handiest tools for the collection and analysis of publicly available data from...

Load More
  • Trending
  • Comments
  • Latest
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
Supply chain efficiency starts with securing port operations

Supply chain efficiency starts with securing port operations

March 15, 2022
Microsoft to Block Macros by Default in Office Apps

Qakbot Email Thread Hijacking Attacks Drop Multiple Payloads

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
‘Horse Gone Barn Bolted’ is Strong Password – Krebs on Security

‘Horse Gone Barn Bolted’ is Strong Password – Krebs on Security

September 23, 2023
SumUp Launches 7am Payouts; Offering UK Merchants Optimal Financial Flexibility

SumUp Launches 7am Payouts; Offering UK Merchants Optimal Financial Flexibility

September 23, 2023
Stealth Falcon preying over Middle Eastern skies with Deadglyph

Stealth Falcon preying over Middle Eastern skies with Deadglyph

September 23, 2023
Will you give X your biometric data? – Week in security with Tony Anscombe

ESET’s cutting-edge threat research at LABScon – Week in security with Tony Anscombe

September 23, 2023

Recent Posts

‘Horse Gone Barn Bolted’ is Strong Password – Krebs on Security

‘Horse Gone Barn Bolted’ is Strong Password – Krebs on Security

September 23, 2023
SumUp Launches 7am Payouts; Offering UK Merchants Optimal Financial Flexibility

SumUp Launches 7am Payouts; Offering UK Merchants Optimal Financial Flexibility

September 23, 2023
Stealth Falcon preying over Middle Eastern skies with Deadglyph

Stealth Falcon preying over Middle Eastern skies with Deadglyph

September 23, 2023

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • LetsAskBinuBlogs
  • Malware
  • Networking
  • Protection

Tags

Access attack Attacks banking BiWeekly bug Cisco cloud code critical Cyber Cybersecurity Data Digital exploited financial Fintech Flaw flaws Google Group Hackers Krebs Latest launches malware Microsoft million Network News open patches platform Ransomware RoundUp security Software Stories TFT Threat Top vulnerabilities vulnerability warns Week

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved