Children’s toys and baby monitors can be taken over by hackers, security services warn
Code of practice issued to manufacturers after security vulnerabilities found in toys including smart bear and talking dinosaur
The National Cyber Security Centre (NCSC) has issued new guidance calling on manufacturers to ensure devices sold to British families are secure.
Vulnerabilities already discovered include one that could let attackers obtain audio from a baby monitor or “inject fake information about the position and temperature” of an infant on an activity tracker.
An international database also lists a “smart toy bear” with a security fault that could be used by hackers to obtain sensitive information, and a talking dinosaur that allows voice, data and video traffic to be intercepted.
The NCSC has demonstrated how an interactive doll could be compromised and used to unlock a wifi-connected front door.
A voluntary code of practice issued by the government urges manufacturers to increase security across the growing “internet of things”.
“Poorly secured devices can threaten individuals’ privacy, compromise their network security, their personal safety and could be exploited as part of large-scale cyberattacks,” a spokesperson said.
“Recent high-profile breaches putting people’s data and security at risk include attacks on smart watches, CCTV cameras and children’s toys.”
It comes after the first ever joint “technical alert” by the UK and US revealed that unsecured routers were being targeted by Russian hackers. They were found spying on the information passing through the routers, harvesting passwords and data.
And earlier this month Russian intelligence services were accused of running 12 named hacking groups behind attacks including those on the Democratic National Committee, a British TV station, the World Anti-Doping Agency and Ukrainian transport.
The Independent understands that toys have not yet been targeted by hackers. “A vulnerability being found doesn’t necessarily mean something has been taken over and there was an exploit,” an NCSC spokesperson said.
“We should be better at holding companies to an account where something is reported and it doesn’t get fixed.”
There are expected to be more than 420 million internet-connected devices in use across the UK within the next three years, but security features are rarely advertised to families investing in smart toys, monitors, virtual assistants and other technology.
“We want to reduce the burden on consumers, it’s not reasonable to expect every parent to be a cyber security expert,” the NCSC spokesperson added.
“What we want to do is encourage companies to manage their products, keep them updated and be honest about how long they’re supported for. And to encourage retailers to consider security when they figure out what to stock. That will over time make it much easier for consumers to buy the right things.”
The code of practice stipulates that devices cannot have default passwords and companies must disclose any security vulnerabilities to authorities, keep software updated and encrypt sensitive data.
Companies HP and Centrica Hive are among the first to have signed up. The government is now “exploring options” for strengthening compliance to the guidelines.
There are questions about how far potential regulation could reach in a global market, or whether manufacturing giants such as China could be compelled to comply with British rules.
David Lidington, a cabinet office minister, said it “cannot be right” that British consumers are left to make sure their own products are safe.
“The challenge is to encourage manufacturers to help consumers by building protections into their design,” he said in a speech at the NCSC’s London headquarters.
“As our digitally connected world has expanded at an extraordinary rate, so too has the scale of vulnerabilities and the frequency of attacks that we face".
Source independant
Industry: Cyber Security News
Latest Jobs
-
- REMOTE Cyber Security Operations Engineer. UK
- United Kingdom
- £65,000
-
CH8196 REMOTE Cyber Security Operations Engineer. UK Internal opportunity. New position. Exclusive to DCL Search. You will be the hands on technical eyes and ears of the Cyber security capability actively working to ensure and enhance the adherence to ISO27001 and SOC 2 controls. You role will touch on the following o Security Monitoring- Threat Analysis, Maturing monitoring capability. Utilising SIEM tools o Vulnerability Management- Identifying threats to internal assets- working with internal teams to patch. § Cloud based vulnerability tool experience preferred. o Access Control Management- Mature policy and process of RBAC. Ideally AWS KMS experience. o Vulnerability Testing- Aiding with Pen test scoping in line with identified vulnerabilities. Working internally to plan and track remediation actions. o Security Incident Management- Triaging alerts, evidence capture, escalation, diagnose and fix. o Working within a Cloud based environment. Ideally AWS. o Security Patch Management Support & Assistance – Approach methods, solutions, and policy alignment. o Disaster Recovery planning o Change Management Any CLOUD SIEM experience highly desirable. Contact me today for more information Chris.Holt@dclsearch.com / 07884666351
-
- Senior Product Developer, Microsoft.NET, Remote working
- Netherlands
- Upto €80,000 plus benefits
-
Senior Product Developer is required by a rapidly expanding Cybersecurity Consultancy/Software House to help them develop their new SaaS platform The aim is for this person to join and grow within the business to either lead the team or to move into an Architect role Location is Flexible, and can Work from home if you want, Key responsibliliies will be to Design and implement the customer-facing web UI (Angular, Javascript, etc.) Design and implement back-end components, including Database components and APIs, application We are looking for someone with, Microsoft .Net developer experience working with C#, VB.Net and Powershell Experience with SQL Services and T-SQL Experience working with Interfacing Technologies such as REST, XML, Active Directory and LDAP UI Technologies experience based around Javascript
-
- Senior Product Developer, Microsoft.NET, Remote working
- London
- Upto 65,000 plus benefits
-
Senior Product Developer is required by a rapidly expanding Cybersecurity Consultancy/Software House to help them develop their new SaaS platform The aim is for this person to join and grow within the business to either lead the team or to move into an Architect role Location is Flexible, and can Work from home if you want, Key responsibliliies will be to Design and implement the customer-facing web UI (Angular, Javascript, etc.) Design and implement back-end components, including Database components and APIs, application We are looking for someone with, Microsoft .Net developer experience working with C#, VB.Net and Powershell Experience with SQL Services and T-SQL Experience working with Interfacing Technologies such as REST, XML, Active Directory and LDAP UI Technologies experience based around Javascript
-
- Senior Product Developer, Microsoft.NET, Remote working
- Birmingham
- Upto 65,000 plus benefits
-
Senior Product Developer is required by a rapidly expanding Cybersecurity Consultancy/Software House to help them develop their new SaaS platform The aim is for this person to join and grow within the business to either lead the team or to move into an Architect role Location is Flexible, and can Work from home if you want, Key responsibliliies will be to Design and implement the customer-facing web UI (Angular, Javascript, etc.) Design and implement back-end components, including Database components and APIs, application We are looking for someone with, Microsoft .Net developer experience working with C#, VB.Net and Powershell Experience with SQL Services and T-SQL Experience working with Interfacing Technologies such as REST, XML, Active Directory and LDAP UI Technologies experience based around Javascript