By Tony Daly –Cyber Security Consultant at PGI
It is that time of the year again when parents and Santa are inundated with requests for presents from their loved ones – apparently, Santa is delivering a Paw Patrol scooter to a very excited toddler in our household this year.
If you sit down and watch children’s television at this time of the year you would be under the impression that you are not watching children’s television but in fact non-stop advertisements.
However, those of you with older children may be hounded by requests for more advanced toys. It is probably fair to say that some children are more digitally adept than their parents and thus will want the latest must-have gadget. Inevitably, a lot of these devices will be internet connected and these can bring additional risks.
Are you aware of these risks?
This is where the Internet of Things (IoT) rears its head. There are massive benefits to having IoT connected devices and yet there are severe pitfalls which currently revolve around the issues of privacy and security.
There have been several high-profile incidents in the media in the past month or so where IoT devices have been exploited and used to carry out Distributed Denial of Service (DDoS) attacks against multiple targets.
Parents would never deliberately place their children in harm’s way in normal day-to-day activities, yet when it comes to Christmas and Birthday presents, we tend to cave in (or grandparents end up spoiling them) to their demands without doing due diligence on these toys. If someone told you in the mid 1990’s that your children would be able to play with toys that anyone across the world would be to communicate via, then you would not believe them.
A toy manufacturer, Mattel, got caught out in 2015 when one of their products, Hello Barbie, was discovered by a U.S. based security researcher to be susceptible to hacking. An attacker could gain full access to the microphone – hardly a suitable toy for your children. Economics plays a big part in deciding whether security is baked into the design of a device or is added as an afterthought and unfortunately, it would appear the latter category is the go-to option.
What’s the point of this article you may ask? It’s not designed to alarm you but to merely highlight to those of you who are purchasing internet connected devices and toys that you do your due diligence on your toy of choice, be aware of the risks involved and observe how your children interact with these toys and devices.
The saving grace is that when children get bored of their toys and resort to playing with the packaging instead, there will be no risk of hackers exploiting cardboard boxes. Although I can’t guarantee that answer will still be the same in years to come.