Analysis

Why data security isn’t child’s play

Worrying flaws in VTech and Barbie show companies still aren’t taking security seriously

Security in the Internet of Things (IoT) is a contentious subject.

From killer fridges and toasters to connected thermostats that will turn your heating right up or right down, there is no shortage of scare stories, yet it seems when it comes to devices aimed at children, basic security is being overlooked.

Most recently, toy makers VTech and Mattel have been in the news having respectivelysuffered a massive data breach and a proof-of-concept for a hack on a connected Barbie, but they are far from the only victims.

Baby monitors have proven to be particularly vulnerable to hacking, being used by Peeping Toms and people who, for reasons known only to them, want to shout abuse at infants (Buzzfeed has created a list of some of the more egregious examples).

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

What this exposes is a complete dichotomy in our attitude towards internet security and one of the most vulnerable sections of our society.

On the one hand, great attention is paid to the material children could come across while browsing online, particularly pornographic or violent material, or sexual predators. And yet, when it comes to connected devices aimed at children, normal protective sensibilities seem to be forgotten.

"We're often too excited about what we can connect to the Internet of Things, instead of whether or not we should connect it," Chris Boyd, malware intelligence analyst at Malwarebytes, tellsIT Pro.

"Where children are concerned, I do wonder if toy manufacturers employ individuals sufficiently versed in security to be able to raise possible issues with new toys rolling out of the factory."

Mark Painter, security evangelist at HP Enterprise, agrees.

"Toy manufacturers are following the same playbook as every other kind: functionality and time to market over security concerns. Security is simply an afterthought until stories like the VTech and Barbie hacks push it to the forefront," he says.

Advertisement - Article continues below

"It's a hard world when parents have to limit what toy their child can play with because of security vulnerabilities, but it's the one we now inhabit," Painter adds.

What can be done?

There is no silver bullet in security, and protecting connected toys is no different. Indeed, the IoT is a fast-evolving sector, with many organisations both old and new introducing smart features to products that have traditionally had no communications function or, perhaps, not even any electronics.

However, these manufacturers need to fully realise their new responsibilities within the connected world.

"Hopefully these scares will wake up toy developers before the next generation of toys are developed - ones that could conceivably have the ability to cause some type of physical damage," says Painter. "We're just not that far away from what would have seemed like science fiction not even five years ago."

Advertisement
Advertisement - Article continues below

But as always, there is an element of responsibility that lies with the user - or in this case the user's parents.

As with routers, the passwords for monitoring devices should be changed and not left on the default. There is also an element of self-education, though, and 'buyer beware'.

Advertisement - Article continues below

"It's still an incredibly important issue for parents to be aware of, and when making a purchase they should definitely look at Internet features on the back of the box and think 'What could possibly go wrong with this?'," says Boyd - something that, particularly in the run-up to Christmas, should perhaps be more on parents' minds than ever.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/security/data-breaches/354611/misconfigured-security-command-exposes-250-million-microsoft-customer
data breaches

Misconfigured security command exposes 250 million Microsoft customer records

23 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020