Children’s toys and baby monitors can be taken over by hackers, security services warn
Code of practice issued to manufacturers after security vulnerabilities found in toys including smart bear and talking dinosaur
The National Cyber Security Centre (NCSC) has issued new guidance calling on manufacturers to ensure devices sold to British families are secure.
Vulnerabilities already discovered include one that could let attackers obtain audio from a baby monitor or “inject fake information about the position and temperature” of an infant on an activity tracker.
An international database also lists a “smart toy bear” with a security fault that could be used by hackers to obtain sensitive information, and a talking dinosaur that allows voice, data and video traffic to be intercepted.
The NCSC has demonstrated how an interactive doll could be compromised and used to unlock a wifi-connected front door.
A voluntary code of practice issued by the government urges manufacturers to increase security across the growing “internet of things”.
“Poorly secured devices can threaten individuals’ privacy, compromise their network security, their personal safety and could be exploited as part of large-scale cyberattacks,” a spokesperson said.
“Recent high-profile breaches putting people’s data and security at risk include attacks on smart watches, CCTV cameras and children’s toys.”
It comes after the first ever joint “technical alert” by the UK and US revealed that unsecured routers were being targeted by Russian hackers. They were found spying on the information passing through the routers, harvesting passwords and data.
And earlier this month Russian intelligence services were accused of running 12 named hacking groups behind attacks including those on the Democratic National Committee, a British TV station, the World Anti-Doping Agency and Ukrainian transport.
The Independent understands that toys have not yet been targeted by hackers. “A vulnerability being found doesn’t necessarily mean something has been taken over and there was an exploit,” an NCSC spokesperson said.
“We should be better at holding companies to an account where something is reported and it doesn’t get fixed.”
There are expected to be more than 420 million internet-connected devices in use across the UK within the next three years, but security features are rarely advertised to families investing in smart toys, monitors, virtual assistants and other technology.
“We want to reduce the burden on consumers, it’s not reasonable to expect every parent to be a cyber security expert,” the NCSC spokesperson added.
“What we want to do is encourage companies to manage their products, keep them updated and be honest about how long they’re supported for. And to encourage retailers to consider security when they figure out what to stock. That will over time make it much easier for consumers to buy the right things.”
The code of practice stipulates that devices cannot have default passwords and companies must disclose any security vulnerabilities to authorities, keep software updated and encrypt sensitive data.
Companies HP and Centrica Hive are among the first to have signed up. The government is now “exploring options” for strengthening compliance to the guidelines.
There are questions about how far potential regulation could reach in a global market, or whether manufacturing giants such as China could be compelled to comply with British rules.
David Lidington, a cabinet office minister, said it “cannot be right” that British consumers are left to make sure their own products are safe.
“The challenge is to encourage manufacturers to help consumers by building protections into their design,” he said in a speech at the NCSC’s London headquarters.
“As our digitally connected world has expanded at an extraordinary rate, so too has the scale of vulnerabilities and the frequency of attacks that we face".
Industry: Cyber Security News
- Network Security Engineer
- €550 a day
German- based contract opportunity This is an onsite based position, we would need the Network Security engineer to be able to work on the client site 5 days a week Seeking an experienced Network Security Engineer for a leading technology company. Strong expertise in firewall/IPS solutions, proxy solutions, and certificate management is required. Good hands-on experience in networking and web-related technologies necessary. Strong problem-solving skills and the ability to work under pressure are essential. we are looking for a Network Security Engineer with the following experience: · Expertise in Administration, Management & Troubleshooting of Firewall / IPS solutions / Proxy solutions/Certificate Management Solutions · Good Hands-on Experience on security devices (PaloAlto/ /McAfee Proxy/CISCO ISE/Certificate Management) · Good Hands-on Experience in Networking with skills of switching, routing & wireless Technologies · Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocol · Configuration of NAT / PAT, firewall policies, profiling, objects, AD-Integration, backup – restore · Knowledge of Subnetting TCP/IP Communication, VLSM Configuration of VLAN VTP · Configuration of Routing Protocols e.g. RIPv1 & v2, OSPF, EIGRP, BGP Knowledge of standard and extended ACL 12 month contract
- IAM Consultant
- Upto £110,000 depending on level of position
Identity Access Management (IAM) Consultant Location: Germany We are seeking an experienced IAM consultants in Germany. we are looking for people from consultant through to Architect, The ideal candidate will have previous IAM deployment experience and be fluent in German. Key responsibilities: Design and implement IAM solutions for clients Provide expertise on industry best practices and standards Troubleshoot and resolve IAM-related issues Work closely with clients to understand their business requirements and provide solutions to meet those needs Qualifications: Previous deployment experience with IAM solutions Fluency in German Strong understanding of IAM technologies and principles Excellent communication and project management skills If you are an experienced IAM consultant with a strong track record of delivering successful projects, please apply today.
- ForgeRock Consultant
- Upto €85000 plus benefits
ForgeRock deployment consultant is needed for this expanding IT Services business within Spain, to act as their ForgeRock technical lead, Responsibilities include: High level and low level design, Scoping the techical needs of the project design, configure, develop and test the forgeRock deployment. We are looking for a strong IAM consultant ideally with ForgeRock experience, Must have strong Oauth 2.0, SAML and API experience
- IAM Consultant
- Upto €85000 plus benefits
An Identity & Access Management Consultant is needed for an expanding IT Security consultancy, based in France. (Remote role with monthly office meet-ups) The Identity & Access Management Consultant will be responsible for the technical design and implementation of Identity & Access Management/IAM products for a wide variety of clients. Deliver bespoke end-to-end consultancy service to our clients, from gathering requirements through to implementation. Work in a close team designing, developing, and implementing first-class IAM solutions. Manage client relationships, working closely with key stakeholders to continually evaluate business requirements and ensure the highest quality solution delivery. If you are interested we are looking for an individual with Previous experience working within the IAM or CIAM field is essential, Strong knowledge with SAML and Oauth and ideally OpenID Previous experience from any of these technologies: One Identity, SailPoint, Saviynt, Ubisecure, Ping Identity, would be advantageous