Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    FBI Warns About Security Risks From IoT-Connected Toys in Your Home

    By
    WAYNE RASH
    -
    July 20, 2017
    Share
    Facebook
    Twitter
    Linkedin
      IoT Toy Security Risk

      The idea that a toy presents a real security threat first came to national attention back in 1998, when a small robot disguised as a fanciful animal was banned by the National Security Agency.

      This critter was known as a Furby. The Furby appeared to learn English by listening to words spoken around it and using those words to begin speaking. The government was concerned that the Furby might hear classified information and then repeat it.

      While there was some debate as to whether the Furby could actually record English words, it’s since been replaced by a series of smart toys that can most assuredly listen to the conversations around them and also watch the activity around them using cameras.

      Those toys, many of which seem to be intelligent dolls or other companions, connect to the internet using WiFi or through a smartphone using Bluetooth. As long as those devices are connected to the internet, there’s no way to know what they’re recording or what information is being sent back to a server somewhere on the internet.

      This possibility so alarmed the FBI that the agency issued an urgent announcement on July 17 describing the vulnerability and explaining steps to take to keep the devices from being too much of a threat.

      The FBI is particularly concerned because young children will tell their toys all sorts of private information, thinking they’re speaking in confidence. Such supposedly private revelations could risk the child’s safety, not to mention the safety of the entire family.

      But the risks from connected devices in the home go far beyond just intelligent companions. A new presentation set for the Black Hat USA conference on July 26 covers security vulnerabilities in Segway hoverboards, which can be taken over by hijacking their Bluetooth connection. Researchers were able to control the overboard remotely and even turn it off while someone was riding it. Additional exploits included the ability to load the hoverboard with malware.

      Both of these warnings demonstrate the common threat affecting IoT devices used in the home and in enterprises as well. After all, the NSA wasn’t worried about the Furby being used in the home, but rather when employees started bringing them into the office. That common threat is the lack of security in consumer IoT in general.

      The Segway hoverboard was shipped with no real security, for example, even though there was a Bluetooth PIN. That PIN turned out to be cosmetic and did not prevent access. Since then, Segway has apparently instituted encryption on those devices.

      The lack of security on those internet connected toys is so pervasive that the FBI provided detailed advice for taking steps that might help with security, such as using strong passwords. The most important piece of advice from the FBI, however, is to make sure the devices are turned off when they’re not actually being used, and when they are being used, to keep an eye on what’s happening through the app associated with the device.

      While the FBI focuses on the risks to privacy through internet connected toys, there are actually risks that go beyond that. Because of the lack of security on such devices, it would be relatively easy to load malware that could take over cameras and microphones on internet connected toys. Once infected by malware, the connected toy could then be used for surveillance of the home or office where the toy is being used.

      The resulting risk to privacy was enough, according to a report in Reuters, to cause the German government to ban the sales and ownership of a talking doll named Cayla. There the government recommended destroying the internet connected doll immediately.

      It would be bad enough if those were the only IoT threats out there on the Internet, but they’re only the latest. There’s a search engine that allows users to find and view any of millions of unsecured IoT-connected video cameras world-wide. Those same video cameras were the repositories for malware that was later used in a massive Distributed Denial of Service attack last year.

      Unfortunately, there’s little or no indication that there’s any serious effort on the part of device makers to secure their products. That means that it will pay big dividends to read the FBI’s list of recommendations for dealing with internet connected toys and follow them. Just because the IoT device you’re concerned about isn’t marketed as a toy doesn’t matter.

      Likewise, when you read the FBI’s recommendations, remember that you can replace the word “children” with the word “employee” and the advice is still relevant. If you find that the device you’re planning to use can’t work within the FBI’s recommendations, then don’t use it.

      Examples of the failings you might encounter when implemented to devices would be the inability to connect with encrypted WiFi, the inability to receive firmware or software updates or the inability to authenticate communications.

      Regardless of whether the device is marketed as a toy or, a TV camera or as an industrial process controller, the risks are serious and it’s critical to pay attention to security.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×