Not so Smart Teddy Bears: What You Should Know About Internet of Things Security
Picture the scene. Your child has an amazing new teddy bear, which allows you to record and send messages from any location, that your child can listen to on demand. Your child can record and send messages back to you. Clever, and very cute.
But then the teddy bear is hacked and someone plays your child their own recorded messages. Scary, eh?
This didn’t happen, but it might.
Earlier this year a company that sells ‘smart’ teddys were held to ransom by hackers who took the credentials of over 800,000 user accounts. This was due to the data being left insecure and easily hackable. As well as user accounts, over two million message recordings were exposed, allowing anyone to listen to them. This is bad. What is worse, is that a security researcher then discovered that the toys themselves could easily be hacked, allowing someone to record and play their own messages through them.
Security – or the apparent lack of – is one of the main concerns holding consumers back from purchasing smart, or ‘connected’ devices. A recent survey revealed that 39% of people would not purchase a ‘smart lock’ because of security concerns, whilst 23% would not purchase an ‘intelligent personal assistant’ because of hacker concerns.
So, what’s being done about it, and how can firms allay consumer fears about the security of their connected devices?
The good news is that Internet of Things security has become an area of high concern for governments and manufacturers alike. Firms, including Dyson, BT and Samsung are included as members of a non-profit body the Internet of Things Security Foundation, which, amongst other initiatives runs programmes on improving IoT security. In the US a new bill, the IoT Cybersecurity Improvement Act, will mean tech vendors will be required to meet a number of requirements before they can work with government contracts.
Laudable, but some aren’t moving as quickly. In the UK the government hasn’t passed laws for IoT security; instead, they are supporting a body designed to invest in IoT, (standards and security fall into their remit, but no legislation, unfortunately).
The IoT technology we have utilised at RT7Digital for Hydrate.Direct is the Amazon IoT Dash Button. This device ranks relatively low on the risk scale for hacker abuse. The device essentially just triggers an event (ordering something or can be modified to turn on a light switch for example). But as we explore more complex, and intelligent devices we believe that security must be front of mind for any firm working with IoT. Whether that is an agency like ourselves, embracing the new technology; as well as manufacturers of the devices themselves.
Once consumers feel that their data, and their devices, are more secure, then ‘smart teddies’ might be appearing in every family home. Till then, we will just cuddle, not talk with our old, much-loved bear…
Contact us via email at firstname.lastname@example.org if you have any comments or questions, we’re always happy to join the conversation about all things related to new and emerging technologies.