'It became a symbol of the Dubai dream,' says culinary innovator Nouel Catis, who helped craft the Internet's most favourite dessert flavour
food1 hour ago
Your smartphone or tablet is most likely pretty secure - not perfect, maybe, but generally unlikely to be hacked or to store, say, your email where other people could read it.
The same can't be said for any Internet-connected toys you may have purchased for your kids. Recently discovered security flaws in a pair of such toys highlight just how badly the toy industry has neglected such problems, theoretically exposing kids to online threats.
While major crimes teeming from the hack of a connected toy haven't yet surfaced, some experts argue that it's only a matter of time.
Kids "aren't expected to be Internet security experts and neither are their parents," said Tod Beardsley, security research manager for Rapid7, the Boston-based cybersecurity firm that published the toy-security research on Tuesday.
Rapid7 researchers examined the Fisher Price Smart Toy, an interactive stuffed animal for children aged three to eight that connects to the Internet via Wi-Fi. They also took a look at HereO, a GPS smartwatch that allows parents to track their child's location. In both cases, they found that the toys failed to safeguard children's information such as their names and in the case of the watch, their location, storing it on remote servers in such a way that unauthorized people could access it by masquerading as legitimate users.
After researchers informed the manufacturers of the flaws, the companies quickly fixed the problems. Mattel, which owns the Fisher Price brand, released a statement Monday emphasising that it has no evidence that anyone actually stole any customer information because of the flaw. Eli Shemesh, chief technology officer for Cyprus-based hereO, released a statement saying that security remains paramount for his company, adding that the security flaw was fixed quickly and before the watches started shipping to customers.
Those security problems are far from unique, said Mark Stanislav, Rapid7's manager of global services and the researcher who discovered the flaws. Reports of connected-toy vulnerabilities have been rife in recent months, a trend he expects to continue to worsen as more connected toys hit the market.
Toy makers need to be "building security in at the development phase," Stanislav said in a statement.
Like many connected devices, the Fisher Price toy runs a version of Google's Android operating system, the same software that powers many smartphones and tablets. Beardsley, however, said toy makers don't have the same commitment to security that a major tech company would have.
"I would be shocked if any Android-based toy didn't have any problems," he said.
Apple, whose iPhones and iPads are the biggest rivals to Android devices, doesn't licence its mobile software for use in toys.
Toy-related security problems began to grab headlines late last year, when kid's tech maker VTech announced that one of its databases had been hacked, exposing the names, ages and genders of more than six million children who used the company's toys.
As the number of connected toys continues to grow, so will the number of hackings, says Bridget Karlin, managing director of Intel Corp's Internet of things group. Intel's chips power a slew of connected devices, including a GPS smartwatch for kids, similar to the HereO, that's set to go on sale later this year.
Karlin says that while the odds of any particular toy being hacked may be very low, most of the attacks are random. That means building in security from the ground up, starting at the silicon level.
In the case of the Fisher Price toy - which is sold as a stuffed bear, panda or monkey and retails for about $100 - the researchers found that the toy's software and applications weren't appropriately verifying who was trying to access its information. That could theoretically expose a child's name, birthday, spoken language and gender.
'It became a symbol of the Dubai dream,' says culinary innovator Nouel Catis, who helped craft the Internet's most favourite dessert flavour
food1 hour ago
Ahead of the KT Events' DXB F&B Awards on November 27, jury member and chef and podcaster James Knight-Paccheco talks at length about his culinary journey
lifestyle1 hour ago
Social media has a massive impact on how one perceives beauty and ageing
health1 hour ago
Much clothing belonged to people who died; conflict has left 42 million tonnes of debris, which will take 14 years to dispose of
mena1 hour ago
Pet Corner has the largest e-commerce platform with over 10,000 pet products
lifestyle1 hour ago
Students completing the university's summer programmes can now secure admission in September
parenting1 hour ago
Nadal has not competed in an official singles match since his second-round exit at the Olympics in July
tennis1 hour ago
The Expo Centre Sharjah, a state-of-the-art exhibition venue, has been hosting the event for several years
uae1 hour ago