Christmas is coming and the goose is getting fat, please put a penny in the old man’s hat, and while you are at it, totally compromise your family’s privacy by connecting all of your Christmas presents to your wireless network.
Yes, unbelievably another year has rolled around and we know you are about to rush out and try to get the latest and greatest gifts for your darling little offspring, wives, relatives and associates.
It appears that a significant number of this year’s kids’ toys are being very sneaky and actually spying on kids. The Electronic Privacy Information Centre (EPIC – see what they did there) has had a look at a number of products for kids and has written to the USA authorities to ask for them to be withdrawn from sale. Read here.
The issues with these gifts include the use of insecure protocols (like HTTP), not to mention the uploading of kids’ conversations to a speech recognition company in ‘The Cloud’ called Nuance where they are stored.
The Norwegians have done similar investigations and criticise the ‘unreadable terms and conditions’ of these toys, which it would appear to imply that any data collected from your darling little ones does not remain private and are free for the vendor to use.
We can only assume that the same is true of adult toys although presumably for many of them the speech recognition is either unnecessary or rendered useless by the, err, interference and unfavourable acoustic conditions. Have you heard how loud some of those remote controlled planes are?!
Regular readers will know that we have a bee in our bonnet about Internet of Things tings. We look forward to somebody in a position of power to kick off some legislation, or at least best practices to which industry can sign up and get a nice sticker. In the meantime please be careful what you buy and how you configure it.
In other news, the US White House Commission on Enhancing National Cybersecurity has identified 16 key recommendations on security, which are worth a read. They are contained in this 100-page report, which is well worth a read. The primary concern of the report is around limiting the damage done by compromised online identities, which can only be a good thing.
You can read the report here.
If you would like to discuss the Internet of Things we do have a few opinions and would love to share them with you, or discuss anything information security related, please contact us at: [email protected] or 020 7517 3900.
2 Responses
The BBC catches up !
http://www.bbc.co.uk/news/technology-38364077
and there you have it: http://www.theregister.co.uk/2017/02/28/cloudpets_database_leak/
Comments are closed.