Today’s Safer Internet Day is to be supported and has come on the heels of a complaint being filed to the Federal Trade Commission (FTC) against makers of some internet-connected toys. The complaint claims that reasonable security measures are being overlooked, increasing the vulnerability of the toys to being hacked or compromised by unauthorised people.
If the complaint is upheld, subsequent rulings are likely to declare that the toys are violating the Children’s Online Privacy Protection Act (COPPA) and the impact on the connected toy market may well be significant.
Infringement of privacy is increased when a child is at risk and will fill parents with fear; a compromised device means someone could be able to watch or communicate with your child, and there is a possibility that they could find out where they are.
Yet the recent complaint filed to the FTC, along with a growing number of media reports on the likes of the ‘spying Barbie’, show that vulnerabilities in such toys, and other IoT devices, are very real, persist and need to be constantly addressed. Perhaps a threat even greater than these vulnerabilities, is the lack of perception about the extent of the risks.
The ability to spy and locate a child through the internet-connected element of a toy isn’t the only vulnerability. If a toy uses Wi-Fi in the home it could be relatively easy to hack and re-programme, so it could be sent instructions to update the firmware or change the way it operates. The hacker is then inside your trusted home security network – with greater ability to explore and hack other connected devices in your home, including your security cameras or alarm system. With concerns such as these we decided to develop the AnyNet Secure SIM and initially integrate it with AWS Cloud Services.
The problems associated with securing connected toys, or any connected devices, are exacerbated by the fact that manufacturers don’t make just one – many make millions of the same thing. This means once somebody has one of those toys, they have the ability to work out the vulnerabilities in all of those millions of products.
The configuration and certification of connected toys is therefore critical in order to ensure they are secure. However, providing this capability has been an industry-wide problem for some time. But it can be achieved – by using a SIM, such as the AnyNet Secure, specifically designed as an automated solution to enable connected devices (including toys) to remotely and securely activate, connect, certify and authenticate.
The most important feature of this SIM is the ability to provision and launch the device onto a network without any physical contact. This means there’s no need for manual passwords or physical intervention in any way.
It’s a simple way to enable millions of parents to configure millions of toys; when they each register their child’s toy they can deliver their own security requirements directly into the SIM card over the air. Ultimately, the result is a vast reduction in risks for the manufacturer – and more importantly the parent. After all, while a hack hasn’t been reported as yet, it is only a matter of time before one is.