An FBI Advisory that Aus Parents should heed about IoT toys

The FBI released an advisory in July 2017 warning about the risks of connected toys. I have put the link to it here:

https://www.ic3.gov/media/2017/170717.aspx

From a newsletter I receive from Bitdefender also comes this advice:

"Vulnerable internet-connected devices are an open invitation for predators to get inside your home. In an instant, an outsider could access your child’s name, date of birth, hobbies, school activities, likes and dislikes and, in some cases, even private photos and physical address. So it’s not only that private information is leaked, but it could lead to identity fraud and, in some cases, physical safety may also be at risk.

So far, action has been taken against Cayla the talking doll, CloudPets – the teddy bear that leaked two million voice recordings, and a number of hacked baby monitors, among others.

In light of increased hacking activity, the Federal Trade Commission announced privacy rules also apply to IoT toys, in compliance with The Children’s Online Privacy Protection Act (COPPA). Additionally, any company failing to comply or rush to market devices with weak security will be in violation of Section 5(a) of the FTC Act.

Parents can take measures to protect their children and homes from cyber spies. First of all, ensure the internet connection is safe and encrypted, avoid using public networks. If it’s really necessary to connect to a public network, don’t allow the toy to transmit any data over the network and keep a close eye on your children’s activity. Above all, double check for firmware or software updates, implement the latest security patches and use strong passwords.

Never make the mistake of purchasing a gadget simply because it’s hip. Carefully read what you’re agreeing to and thoroughly research the company and the product."

5 Likes

Not quite a toy, but an interesting example.

Nicole Eagan, the CEO of cybersecurity company Darktrace, told the WSJ CEO Council in London on Thursday: “There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There’s just a lot of IoT. It expands the attack surface and most of this isn’t covered by traditional defenses.”

Eagan gave one memorable anecdote about a case Darktrace worked on where an unnamed casino was hacked via a thermometer in a lobby aquarium.

“The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud,” she said.

https://www.businessinsider.com.au/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4?r=UK&IR=T

Of course this isn’t new and to many of us not even surprising - but when you take into account the projections for IoT ‘connected devices’ - talk of IoT connected devices outnumbered the population of the planet last year - 11+ billion by the end of 2018 and over 20 billion devices by 2020, nearly 80 billion by 2025? the numbers start looking silly, but by whichever study or whatever statistical magic people are working this out, it seems the numbers are very significant and are growing at an ever increasing rate. Of course these are just number of IoT devices, but I read that as number of attack points … and never mind if it’s secured by WPA99, the device and the attacker are already ‘on the network’.

I guess the remake of “Attack of the Killer Tomatoes” could be “Attack of the Fridges Filled with Killer Tomatoes” …

4 Likes

Now we know the answer - collusion, theft, and in the eyes of the most paranoid, rebellion.

4 Likes
5 Likes

Yeah Carla is a perfect example of the uncontrolled connected toy market. We as a society have become more and more engaged, or is that addicted, with being “connected” whether by Smartphones, Smart devices, Smart Toys, Smart assistants or a mix of it all, but at what cost to our privacy and a really big one our security.

It isn’t just what they know about us but what will (I say that “will” deliberately) be used against us all now and into the future. Benevolent business is a misnomer, benevolent Government only if they want to be if it suits them. Yet we continue (mankind as a whole rather than all individuals) to connect with no thought as to how to control this beast that hungrily consumes all we provide it and scarily we mostly do it uncaringly or even willingly so that we can get the so called best experience, that next fix of pseudo fulfillment (really it may be more engulfment)…

Ok I will now loosen the tinfoil hat somewhat.

3 Likes

Yes. It gives the conspiracy theorists a field day…or maybe everyone should be concerned?

3 Likes

Yep just think Jews, Non conformists, Hitler and the Holocaust. What a perfect mixture of data and evil that lead to the death of millions because of race, creed, and colour in occupied and homeland states and then to another war that also created more death from the awful acts of that war. Are we repeating the process whereby we give up too much data (thus freedom) and will only realise the terrible consequences after it is all too late.

3 Likes

This is something I think about quite often. In relation to the net, the infornation I put on must pass the front page test…if the infornation makes the front page of the local rag, what would my reaction be and what would others think?

Unlike the past where data was stored usually in hardcopy/paper form, today’s data is electronic and its record potentially can last forever. At least with the hardcopies, an epic flood or fire was enough to destroy such records.

The other problem with electronic data is it is very easy to analyse and also can be easily misinterpreted. The lasted Facebook fiasco is an example and expect there will be more in the future.

3 Likes

@draughtrider, and to think they went to all that trouble in all those Oceans 11 movies when they could have just used the thermometer in the lobby :smile:

3 Likes