October 30, 2018 at
A new code of practice issued to manufacturers of children’s toy and baby monitors after being warned of a potential attack by hackers.
The security services have warned that baby monitors and children’s toy connected via the internet stands the risk of been taken over by hackers. In its new guidance, the National Cyber Security Centre (NCSC) beckoned on manufacturers to ensure that such devices sold to families in British are secure.
Already, vulnerabilities discovered include one that may allow attackers to acquire audio from a baby monitor. Additionally, it may slot in fake information about the temperature and position of an infant on an activity tracker.
Besides this, a “smart toy bear” has also been included in an international database to have a security fault with the tendency of being used by hackers to acquire sensitive information. Furthermore, it also included a talking dinosaur, which allows video, voice, and data traffic to be interrupted.
NCSC – How Interactive Doll could be compromised
The NCSC revealed that these hackers could compromise an interactive doll and in turn use it to open a Wi-Fi-connected front door. In reaction to this recent update, the government issued a voluntary code of practice and urges manufacturers to tighten up there security.
A spokesperson for NCSC said,
Poorly secured devices can threaten individuals’ privacy, compromise their network security, their personal safety and could be exploited as part of large-scale cyber-attacks. Recent high-profile breaches putting people’s data and security at risk include attacks on smartwatches, CCTV cameras, and children’s toys.
This came after the UK and US pioneered the first “technical alert,” which revealed that Russian hackers were targeting unsecured routers. There were also indications that these hackers were snooping on information going through the routers, harvesting data and passwords.
If you recall earlier this month, Russian intelligence services were suspected of operating 12 named hacking groups asides attacks such as the World Anti-Doping Agency, a British TV Station, the Democratic National Committee, and Ukrainian transport.
Centrica Hive and HP sign up for Code of Practice
However, it is understandable that hackers have not targeted toys yet. The spokesperson of NCSC added that because a vulnerability was found, it does not mean that something has been taken over. Furthermore, we should hold companies accountable where issues are reported without appropriate measures taken to deal with the issue.
According to recent statistics, there should be over 420 million internet-connected devices throughout the UK within the next three years. While people use these devices, hardly are there security features advertised to families investing in virtual assistants, monitors, smart toys, and other technology.
The NCSC spokesperson added that
What we want to do is encourage companies to manage their products, keep them updated and be honest about how long they’re supported for. And to encourage retailers to consider security when they figure out what to stock. That will over time make it much easier for consumers to buy the right things.
The code of practice instructs that devices must never have default passwords and companies must reveal any security vulnerabilities to authorities to encrypt sensitive data while keeping software updated. Centrica Hive and HP were the first to sign up for this practice. However, the government is exploring further options to reinforce the compliance of the plans.
Finally, there are questions concerning what extent these regulation go in a global market or if manufacturing giants like China will be forced to adhere with the British rules. Only time would time while we watch the reactions of the Chinese.