Page 23 - at

P. 23

TECHNOLOGY A23
Wednesday 3 February

Something new to worry about: Connected toy security

BREE FOWLER Toy, an interactive stuffed This photo provided by Mattel shows the Smart Toy Bear. Your or monkey and retails for
AP Technology Writer animal for children aged smartphone or tablet is most likely pretty secure, and unlikely about $100 — the research-
NEW YORK (AP) — Your 3 to 8 that connects to to be hacked, but the same can’t be said for any Internet con- ers found that the toy’s
smartphone or tablet is the Internet via Wi-Fi. They nected toys you may have purchased for your kids. software and applications
most likely pretty secure — also took a look at HereO, weren’t appropriately veri-
not perfect, maybe, but a GPS smartwatch that al- Associated Press fying who was trying to ac-
generally unlikely to be lows parents to track their cess its information. That
hacked or to store, say, child’s location. In both ed shipping to customers. vals to Android devices, could theoretically expose
your email where other cases, they found that the Those security problems doesn’t license its mobile a child’s name, birthday,
people could read it. toys failed to safeguard are far from unique, said software for use in toys. spoken language and
The same can’t be said for children’s information such Mark Stanislav, Rapid7’s Toy-related security prob- gender.
any Internet-connected as their names and in the manager of global ser- lems began to grab head- Of course, those tidbits of
toys you may have pur- case of the watch, their lo- vices and the researcher lines late last year, when information aren’t neces-
chased for your kids. Re- cation, storing it on remote who discovered the flaws. kid’s tech maker VTech an- sarily secret. But hackers
cently discovered security servers in such a way that Reports of connected-toy nounced that one of its da- could theoretically amass
flaws in a pair of such toys unauthorized people could vulnerabilities have been tabases had been hacked, enough of them to cre-
highlight just how badly the access it by masquerading rife in recent months, a exposing the names, ages ate a phishing scheme
toy industry has neglected as legitimate users. trend he expects to contin- and genders of more than aimed at financial fraud
such problems, theoreti- After researchers informed ue to worsen as more con- 6 million children who used or identity theft down the
cally exposing kids to on- the manufacturers of the nected toys hit the market. the company’s toys. road. In theory, the infor-
line threats. flaws, the companies Toy makers need to be As the number of connect- mation could also be used
While major crimes teem- quickly fixed the problems. “building security in at ed toys continues to grow, to pull off the abduction
ing from the hack of a con- Mattel Inc., which owns the development phase,” so will the number of hack- of a child, though experts
nected toy haven’t yet sur- the Fisher Price brand, re- Stanislav said in a state- ings, says Bridget Karlin, say the chance of that re-
faced, some experts argue leased a statement Mon- ment. managing director of Intel mains slim.
Like many connected de- Corp.’s Internet of things The same flaw also could
This photo provided by HereO shows the HereO GPS watch. Your vices, the Fisher Price toy group. Intel’s chips power allow an attacker to effec-
smartphone or tablet is most likely pretty secure, and unlikely runs a version of Google’s a slew of connected de- tively take control of the
to be hacked, but the same can’t be said for any Internet con- Android operating system, vices, including a GPS device to do things such as
nected toys you may have purchased for your kids. the same software that smartwatch for kids, similar change the account infor-
powers many smartphones to the HereO, that’s set to mation, or monitor whether
Associated Press and tablets. Beardsley, go on sale later this year. a child is playing with it or
however, said toy makers Karlin says that while the if an adult is using the re-
that it’s only a matter of day emphasizing that it has don’t have the same com- odds of any particular toy lated mobile app, the re-
time. no evidence that anyone mitment to security that being hacked may be very searchers said.
Kids “aren’t expected to actually stole any custom- a major tech company low, most of the attacks The HereO smartwatch
be Internet security experts er information because would have. are random. That means is marketed as a safety
and neither are their par- of the flaw. Eli Shemesh, “I would be shocked if any building in security from the device for children aged
ents,” said Tod Beardsley, chieftechnology officer for Android-based toy didn’t ground up, starting at the three to 12 and creates
security research manager Cyprus-based hereO, re- have any problems,” he silicon level. a kind of social network
for Rapid7 Inc., the Boston- leased a statement saying said. In the case of the Fisher that’s restricted to invited
based cybersecurity firm that security remains para- Apple, whose iPhones and Price toy — which is sold family and friends.
that published the toy-se- mount for his company, iPads are the biggest ri- as a stuffed bear, panda The brightly colored watch
curity research on Tuesday. adding that the security has both a cellular and
Rapid7 researchers exam- flaw was fixed quickly and GPS connection, allowing
ined the Fisher Price Smart before the watches start- parents to monitor a child’s
location through a mobile
app. Features include mes-
saging, location alerts and
a panic button. The watch,
which costs $179 in the
U.S. plus a $4.95 per month
monitoring fee, recently
started shipping to custom-
ers around the world.
Rapid7 says its research-
ers found a way attackers
could trick the watch into
adding them onto a given
family’s account. q

18 19 20 21 22 23 24 25 26 27 28