Posts tagged security

Iot and toys: Connected toys require more security


In an age where it seems anything and everything can benefit from connectivity, the future of toys is changing rapidly.

Toys are becoming more intelligent, more connected and important assets among the Internet of Things.

U.S. domestic toy sales, according to industry association data, hit close to $22 billion in 2014, and that number has been growing steadily ever since, especially with the new connected opportunities for manufacturers.

Mattel, Fisher-Price and Sphero cashing in now

With the advent of sensors, chips, phones, apps and the cloud, the possibilities for what toys can offer is almost limitless.  Just look at Mattel’s Hello Barbie doll that works the same way Samsung voice operators do, sending children’s conversations into the cloud and returning verbal responses through a speaker in the doll.  Fisher-Price makes a WiFi-enabled stuffed animal, and Sphero has introduced an awesome little app-enabled droid toy, called the BB-8, that has an adaptive personality and evolves as an individual plays with it.  It can even create and display holographic recordings.   This toy can also connect with one’s phone, allowing for movement control.

As consumers change the way they are interacting with the connected world, all these IoT products enable toy manufacturers to leverage real-time data, collecting insights about customers to create more interactive and personalized devices that continue to impress and entertain.

But awesome toys present security issues

However, all these connected toys create concerns about security.  There are many gadgets these days that can be used to eavesdrop.  Part of the problem is that many hardware manufacturers offer poor security, and often times consumers are left vulnerable because of all the information they are sharing.

“One of my technologists has a phrase: ‘internet of other people’s things’,” says Lee Tien, senior staff attorney at the Electronic Frontier Foundation said. “Even if you bought it, it’s not necessarily truly yours – it may need to talk to the vendor’s machines to work, handing over data about you or those around you (if it has sensors); it may have features you don’t know about or don’t know how to control, or can’t control.”

The internet of things is quite helpful to eavesdroppers, both official and hacker types, for several reasons, with the main one being regular data leaks.

“One helpful feature for surveillance is that private sector IoT generally blabs a lot, routinely into some server, somewhere,” states Tien. “That data blabbing can be insecure in the air, or obtained from storage.”

To further complicate things, just look at video games, which require televisions and game systems.  New smart systems are equipped with cameras and voice monitors that are connected online and constantly sending information to the cloud.

But is someone watching through Barbie’s eyes?

Many people are concerned about what that can mean.  Can smart televisions spy on them? The US director of national intelligence says that is obvious. The ever-increasing variety of “smart” web-enabled devices, most recently dubbed the Internet of Things, is a blessing to intelligence officials and law enforcement, according to director James Clapper.

“In the future, intelligence services might use the Internet of Things for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper tells the Senate in public testimony.

Unfortunately, intelligence officials are not the only ones wanting to hack into hi-tech devices. Being aware of when people are home, what they own and where they store it is valuable knowledge for thieves.

A cyber-attack on toymaker VTech released the personal data of 6.4m children last year, and it was a scary reminder of the vulnerability of children on the internet. A similar thing happened to Sony, when hackers from North Korea stole users’ credentials, and online playing came to a halt during a major holiday.

However, even though a lack of privacy and security breaches are major concerns, it looks like connected toys are here to stay as long as consumers continue to happily purchase them.

The post Iot and toys: Connected toys require more security appeared first on ReadWrite.

View full post on ReadWrite

The spy who hacked me: Evildoers love IoT’s weak security

one secret service security bodyguard agent man in silhouette on white background

With the explosive growth of the Internet of Things (IoT), both spies and hackers are feasting on a new universe of poorly secured technology.

Recode quotes a top spy from the US National Security Agency who spoke with surprising candor about IoT’s security vulnerabilities. These vulnerabilities stem from the increasing complexity of the technology which, for cyberspooks like the NSA, offers a goldmine of eavesdropping potential.

“As my job is to penetrate other people’s networks, complexity is my friend,” said NSA deputy director Richard Ledgett at a Washington conference.

He added that the connected nature of these new IoT devices allow both spies and hackers a wireless window of opportunity. Indeed, hacking of connected technology is expected to send the IoT security market into overdrive in the coming years.

“The first time you update the software, you introduce vulnerabilities — or variables, rather,” Ledgett said. “It’s a good place to be in a penetration point of view.”

IoT offering spies more back doors?

And there is growing evidence that network penetration by intelligence agencies and cyber criminals alike is becoming easier thanks to the dramatic increase in IoT devices globally.

A Hewlett-Packard study from 2014 found that many IoT devices were shipped from the factory with low security passwords.  As well, a Veracode report from last year discovered many basic security weaknesses in such devices as hubs for home IoT networks and even garage door openers.

Ledgett even admitted that the NSA is researching potential security exploits in such biomedical equipment as pacemakers, as another “tool in the toolbox.”

In his unusually frank speech for an upper echelon NSA representative, Ledgett said that the agency finds it easier to track terrorism suspects or foreign spooks through other avenues of surveillance.

Meanwhile, others in the American intelligence community have broken silence about IoT’s as potential wellspring of actionable intelligence for both friendly and enemy spy agencies.

James Clapper, director of US national intelligence, said at a Senate hearing this year that foreign spy agencies may be specifically targeting IoT devices. They may be using the connected technology for eavesdropping, surveillance, recruiting moles or gaining network access.

So beware, your connected coffee pot may be spilling the beans to spooks with every steaming cup.

The post The spy who hacked me: Evildoers love IoT’s weak security appeared first on ReadWrite.

View full post on ReadWrite

Go to Top
Copyright © 1992-2016, DC2NET All rights reserved