HONEY, WHO'S WATCHING THE KIDS?
Security flaws have been discovered in smart toys and kids' watches
Rapid7 researchers have unearthed serious flaws in two Internet of Things devices:
- The Fisher-Price Smart Toy, a "stuffed animal" type of toy that can interact with children and can be monitored via a mobile app and WiFi connectivity, and
- The HereO, a smart GPS toy watch that allows parents to track their children's physical location.
In the first instance, API calls from the toy were not appropriately verified, so an attacker could have sent unauthorized requests and extracted information such as customer details, children's profiles, and more.
"Most clearly, the ability for an unauthorized person to gain even basic details about a child (e.g. their name, date of birth, gender, spoken language) is something most parents would be concerned about.
While names and birthdays are
nominally non-secret pieces of data, these could be combined later with a more
complete profile of the child in order to facilitate social engineering or
other malicious campaigns against either the child or the child's
caregivers."
In the second instance, the flaw allowed attackers to gain access to the family's group by adding an account to it, which would allow them to access the family member's location, location history, etc.
Rapid7 has been working with the companies to correct the problems.
This further highlights the nascence of the Internet of Things with regard to
information security. While many clever & useful ideas are constantly being
innovated for market segments that may have never even existed before, this
agility into consumers' hands must be weighed against the potential risks of
the technology's use.
Consumer brands must pay greater attention to application security when building smart devices. When a toy becomes connected to the Internet, a child is exposed to a potentially hostile environment. Regulations have not yet caught up with the need for good application security.
Excerpt from Help Net Security, authored by Zeijka Zora