News / USA

    Something New to Worry About: Connected Toy Security

    FILE - The hereO GPS watch for children and its accompanying mapping app are displayed at the International Consumer Electronics show (CES) in Las Vegas, Nevada, Jan. 4, 2015.
    FILE - The hereO GPS watch for children and its accompanying mapping app are displayed at the International Consumer Electronics show (CES) in Las Vegas, Nevada, Jan. 4, 2015.
    Associated Press

    Your smartphone or tablet is most likely pretty secure — not perfect, maybe, but generally unlikely to be hacked or to store, say, your email where other people could read it.

    The same can't be said for any Internet-connected toys you may have purchased for your kids. Recently discovered security flaws in a pair of such toys highlight just how badly the toy industry has neglected such problems, theoretically exposing kids to online threats.

    While major crimes teeming from the hack of a connected toy haven't yet surfaced, some experts argue that it's only a matter of time.

    Kids "aren't expected to be Internet security experts and neither are their parents," said Tod Beardsley, security research manager for Rapid7 Inc., the Boston-based cybersecurity firm that published the toy-security research on Tuesday.

    Rapid7 researchers examined the Fisher Price Smart Toy, an interactive stuffed animal for children aged 3 to 8 that connects to the Internet via Wi-Fi.

    They also took a look at HereO, a GPS smartwatch that allows parents to track their child's location. In both cases, they found that the toys failed to safeguard children's information such as their names and in the case of the watch, their location, storing it on remote servers in such a way that unauthorized people could access it by masquerading as legitimate users.
    After researchers informed the manufacturers of the flaws, the companies quickly fixed the problems.

    Mattel Inc., which owns the Fisher Price brand, released a statement Monday emphasizing that it has no evidence that anyone actually stole any customer information because of the flaw. Eli Shemesh, chief technology officer for Cyprus-based hereO, released a statement saying that security remains paramount for his company, adding that the security flaw was fixed quickly and before the watches started shipping to customers.

    Those security problems are far from unique, said Mark Stanislav, Rapid7's manager of global services and the researcher who discovered the flaws.

    Reports of connected-toy vulnerabilities have been rife in recent months, a trend he expects to continue to worsen as more connected toys hit the market.

    Toy makers need to be "building security in at the development phase," Stanislav said in a statement.

    Like many connected devices, the Fisher Price toy runs a version of Google's Android operating system, the same software that powers many smartphones and tablets. Beardsley, however, said toy makers don't have the same commitment to security that a major tech company would have.

    "I would be shocked if any Android-based toy didn't have any problems," he said.

    Apple, whose iPhones and iPads are the biggest rivals to Android devices, doesn't license its mobile software for use in toys.

    Toy-related security problems began to grab headlines late last year, when kid's tech maker VTech announced that one of its databases had been hacked, exposing the names, ages and genders of more than 6 million children who used the company's toys.

    As the number of connected toys continues to grow, so will the number of hackings, says Bridget Karlin, managing director of Intel Corp.'s Internet of things group. Intel's chips power a slew of connected devices, including a GPS smartwatch for kids, similar to the HereO, that's set to go on sale later this year.

    Karlin says that while the odds of any particular toy being hacked may be very low, most of the attacks are random. That means building in security from the ground up, starting at the silicon level.

    In the case of the Fisher Price toy — which is sold as a stuffed bear, panda or monkey and retails for about $100 — the researchers found that the toy's software and applications weren't appropriately verifying who was trying to access its information. That could theoretically expose a child's name, birthday, spoken language and gender.

    Of course, those tidbits of information aren't necessarily secret. But hackers could theoretically amass enough of them to create a phishing scheme aimed at financial fraud or identity theft down the road. In theory, the information could also be used to pull off the abduction of a child, though experts say the chance of that remains slim.

    The same flaw also could allow an attacker to effectively take control of the device to do things such as change the account information, or monitor whether a child is playing with it or if an adult is using the related mobile app, the researchers said.

    The HereO smartwatch is marketed as a safety device for children aged three to 12 and creates a kind of social network that's restricted to invited family and friends.

    The brightly colored watch has both a cellular and GPS connection, allowing parents to monitor a child's location through a mobile app. Features include messaging, location alerts and a panic button. The watch, which costs $179 in the U.S. plus a $4.95 per month monitoring fee, recently started shipping to customers around the world.

    Rapid7 says its researchers found a way attackers could trick the watch into adding them onto a given family's account. That would give them access to the entire family's location history and profile details and even the ability to message parents or their kids.

    You May Like

    Top US General: Turkish Media Report ‘Absurd'

    General Dunford rejects ‘irresponsible' claims of coup involvement by former four-star Army General Campbell, who led NATO forces in Afghanistan before retiring earlier this year

    Video Saving Ethiopian Children Thought to Be Cursed

    'Omo Child' looks at efforts of one African man to stop killings of ‘mingi’ children

    Protests Over Western Troops Threaten Libyan 'Unity' Government

    Fears mount that Islamist foes of ‘unity' government plan to declare a revolutionaries' council in Tripoli

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    London’s Financial Crown at Risk as Rivals Eye Brexit Opportunitiesi
    X
    VOA News
    July 25, 2016 5:09 PM
    By most measures, London rivals New York as the only true global financial center. But Britain’s vote to leave the European Union – so-called ‘Brexit’ – means the city could lose its right to sell services tariff-free across the bloc, risking its position as Europe’s financial headquarters. Already some banks have said they may shift operations to the mainland. Henry Ridgwell reports from London.
    Video

    Video London’s Financial Crown at Risk as Rivals Eye Brexit Opportunities

    By most measures, London rivals New York as the only true global financial center. But Britain’s vote to leave the European Union – so-called ‘Brexit’ – means the city could lose its right to sell services tariff-free across the bloc, risking its position as Europe’s financial headquarters. Already some banks have said they may shift operations to the mainland. Henry Ridgwell reports from London.
    Video

    Video Recycling Lifeline for Lebanon’s Last Glassblowers

    In a small Lebanese coastal town, one family is preserving a craft that stretches back millennia. The art of glass blowing was developed by Phoenicians in the region, and the Khalifehs say they are the only ones keeping the skill alive in Lebanon. But despite teaming up with an eco-entrepreneur and receiving an unexpected boost from the country’s recent trash crisis the future remains uncertain. John Owens reports from Sarafand.
    Video

    Video Migrants Continue to Risk Lives Crossing US Border from Mexico

    In his speech Thursday before the Republican National Convention, the party’s presidential candidate, Donald Trump, reiterated his proposal to build a wall along the U.S.-Mexico border if elected. Polls show a large percentage of Americans support better control of the nation's southwestern border, but as VOA’s Greg Flakus reports from the border town of Nogales in the Mexican state of Sonora, the situation faced by people trying to cross the border is already daunting.
    Video

    Video In State of Emergency, Turkey’s Erdogan Focuses on Spiritual Movement

    The state of emergency that Turkish President Recep Tayyip Erdogan has declared is giving him even more power to expand a purge that has seen an estimated 60,000 people either arrested or suspended from their jobs. VOA Europe correspondent Luis Ramirez reports from Istanbul.
    Video

    Video Calm the Waters: US Doubles Down Diplomatic Efforts in ASEAN Meetings

    The United States is redoubling diplomatic efforts and looking to upcoming regional meetings to calm the waters after an international tribunal invalidated the legal basis of Beijing's extensive claims in the South China Sea. VOA State Department correspondent Nike Ching has the story.
    Video

    Video Four Brother Goats Arrive in Brooklyn on a Mission

    While it's unusual to see farm animals in cities, it's become familiar for residents of Brooklyn, New York, to see a little herd of goats. Unlike gas-powered mowing equipment, goats remove invasive weeds quietly and without adding more pollution to the air. As Faiza Elmasry tells us, this is a pilot program and if it proves to be successful, the goat gardener program will be extended to other areas of New York. Faith Lapidus narrates.
    Video

    Video Scientists in Poland Race to Save Honeybees

    Honeybees are in danger worldwide. Causes of what's known as colony collapse disorder range from pesticides and loss of habitat to infections. But scientists in Poland say they are on track to finding a cure for one of the diseases. VOA’s George Putic reports.
    Video

    Video Wall Already Runs Along Parts of US-Mexico Border

    The Republican Party’s presidential nominee, Donald Trump, gained the support of many voters by saying he would build a wall to keep undocumented immigrants and drugs from coming across the border from Mexico. Critics have called his idea impractical and offensive to Mexico, while supporters say such a bold approach is needed to control the border. VOA’s Greg Flakus has more from the border town of Nogales, Arizona.
    Video

    Video New HIV Tests Emphasize Rapid Results

    As the global fight against AIDS intensifies, activists have placed increasing importance on getting people to know their HIV status. Some companies are developing new HIV testing methods designed to be quick, easy and accurate. Thuso Khumalo looks at the latest methods, presented at the International AIDS conference in Durban, South Africa.
    Video

    Video African Youth with HIV Urge More Support

    HIV, the virus that causes AIDS, is the top killer of teens in sub-Saharan Africa. But many youths say their experience with the virus is unique and needs to be addressed differently than the adult epidemic. VOA South African Correspondent Anita Powell reports.
    Video

    Video Pop-Up Art Comes to Your Living Room, Backyard and Elsewhere

    Around the world, independent artists and musicians wrestle with a common problem: where to exhibit or perform? Traditional spaces such as museums and galleries are reserved for bigger names, and renting a space is not feasible for many. Enter ArtsUp, which connects artists with venue owners. Whether it’s a living room, restaurant, office or even a boat, pop-up events are bringing music and art to unexpected places. Tina Trinh has more.
    Video

    Video Scotland’s Booming Whisky Industry Fears Brexit Hangover

    After Britain’s vote to leave the European Union, Scotland’s government wants to break away from the United Kingdom – fearing the nation’s exports are at risk. Among the biggest of these is whisky. Henry Ridgwell reports on a time of turmoil for those involved in the ancient art of distilling Scotland’s most famous product.

    Special Report

    Adrift The Invisible African Diaspora