Tech Toys And The Child Protection In The Age Of The IoT.
The “Internet of things” (IoT) is no longer just a topic of conversation at your workplace or outside of it. It is no longer just a concept with some potential impact on how we live and how we work. The IoT is happening right now. It is already here.
The number of “connected” devices into people’s homes and their day-to-day routines is on the rise. Moreover, it will continue to grow. And, by 2025, you’ll have at least ten active IoT devices in your home.
Tech Toys – One Of Your Ten IoT Devices.
Think about it for a second. You already have a smart TV that lets you browse the internet. This year, Christmas come and you are going to buy a new fridge. A smart one this time. Next year, you’ll get a smart vacuum cleaner. Then, a new smart alarm, just to keep your connected items safe. Let’s add to this a new smart heating system. One more thing. A prediction if you wish. In 2018, your Virgin Media ISP will send you a free in-house digital healthcare system.
You’ll get “the kit” at the same time with the new WIFI router and your upgraded internet contract. All free, as part of Virgin’s new partnership with F.C.A. and the N.H.S.
And step by step, without even realising, you are going to use the IoT. In your home, in your school, at the nursery. You’ll love them as these smart devices are going to improve your life. These connected devices will clean for you. Protect you. Keep you safe and healthy.
More than that, the IoT devices are going to save you time. The lesser time you’ll be spending “tech-ing” around, the more time you’ll have for the loved ones. However, despite all the positives, we must not ignore the privacy risks that these smart devices bring with them.
Tech Toys – Do You Monitor Your Baby With A Cam?
I am sure you’ll agree with me that last year was “the year of hackers.” Start with Kevin Mitnick. End with LulzSec and Anonymous. Regardless the names, the fate of any hacker group will be the same. But that does not stop them from hacking. You’ve seen on the news powerful, big corporations brought down to their knees.
Hacked. Over and over again. I am sure you still remember “the Sony hack.” Or, a more recent case, the hacked database of the U.S. Office of Personnel Management. It was a breach that exposed more than 21.5 million government employees. From lab. employees to cleared spies. They all had their secrets spilled and had their lives put at risk.
Some of you might be familiar with the Juniper NetScreen Firewalls hack. Or with the Ashley Madison hack. The Gemalto hack. The Kaspersky Labs hack. We can go on, and on, for hours.
Let’s face it. Even the most powerful governments in the world are far from immune to hackers. Tell me now that you still believe that some cheap products like the internet-connected dolls and baby cams are better protected? Think again.
I have a better example for you. An example that is very much related to our subject today: Ensuring your child’s protection in the smart toys era.
And the story goes like this. It happened last year, in a cold day of November. A toy manufacturer from Hong Kong, VTech, wasn’t using SSL or encrypting passwords for its line of children’s tablets. It did not think it was needed. As you imagine, for the hackers, stealing VTech‘s data was just a “child’s play.”
What happened next was a security nightmare. You are looking at 6.4 million exposed children. Millions of children have “lost” their data. Their names, their emails, their downloads, their passwords, the IP addresses, photos, password recovery info, audio and video recording.
All these details were compromised. Together with the children’s real names, their genders and their dates of birth. Even their home addresses. Shocking, isn’t it?
Tech Toys – Do We Need A Tragedy To Wake Up?
And still, there is a total dichotomy in our attitude towards the security of the internet in one hand, and the most vulnerable “parts” of our society, on the other hand.
We pay great attention to the pornographic or violent materials our children could come across online. It causes great concern. We are no longer waiting for them to strike, but we took control. We hunt them. We honeypot the sexual predators. And yet, when it comes to the tech toys, the protective sensibilities seem to be forgotten.
We are blind. We don’t see, we don’t care. Nobody cares if a certain tech toy manufacturer does not employ experts in infosec. Experts that could raise possible issues with the new smart toys before rolling them out of the factory’s gates.
Tech Toys – Browsing The Internet Of Toys.
It is true, we always had problems with “connected” devices. The “vulnerable” webcams alone, remains a massive problem even now, in 2016. How? Well, let’s take a closer look at Shodan. A new search engine for smart, connected devices. Shodan can search the Internet, looking for IP addresses with open ports. If an open port streams a video feed and also lacks the authentication, Shodan takes a snap.
However, this is not just another snap of a city webcam from webcam galore. Or, another snap from a cam that is broadcasting the heavy traffic in Piccadilly Circus. Oh no. As the connected toys are invading our homes, these smart objects bring with them silent, unwanted visitors.
Confused? Keep reading. With the help of Shodan, a potential sex predator can browse for connected cams and search for live videos of children. Snapshots. Pics. Your children. Sleeping. Playing. Dancing. Reading. Or even getting changed, in their own bedrooms. The paid Shodan members can access the pics via images.shodan.io. In fact, they don’t even have to pay. The free Shodan accounts can also search for pics, using the filter “port:554 has_screenshot:true.”
Similar Read: IoT Security – The Trojan Horse Is In The House
The cause of the problem is still the “Real Time Streaming Protocol” with no password auth in place. RTSP, port 554, to be more precise. If you are a parent, you have to be aware this. You must comprehend the danger.
You must understand that there is also a dark face of the IoT. A dark face of the tech toys. Don’t blame Shodan. There are hundreds of free tools out there that can be employed by both, the good and the bad guys.
That is why, in this instance, I’ll be naming the Internet of Things, the Internet of Toys. The tech toys and the risks they represent to the most vulnerable ones.
You see, the tech can be quite magical when we use it to make the world we live in, a better place. A safer place for all of us, little humans included. However, as much as we love new tech, we must never lose sight of the fact that the tech, for all its possibilities, it also creates new risks.
Moreover, for that alone, when dealing with children in an IoT context, their security and privacy must be your priority. In a tech toys context, the child protection must be paramount to you. You, the parent. You, the IoT maker. Right from day one.
More than ever, now. In the light of what has happened within the “Internet of Toys” community, any IoT companies must be taking extra security measures. We commend V-Tech and Mattel/ToyTalk for addressing their recent security breaches and strengthening their commitment to security.
Tech Toys – Regulations For Connected Toys.
Making toys is not an easy business. Look at it from a safety point of view. Children can swallow their toys. They can also break them into little parts and get cut. Get hurt. Suffocated. Even poisoned, if the paint you have used has the wrong chemicals.
You’ll have to pass all the regulatory and safety tests. The 16 CFR.1500. The EN.62115. The FCC. The EMC. The RF testing. And more than that, the “Internet of Toys” is not just another toy-making business. It is the Internet of Things for the toys. The above-mentioned tests are just the beginning.
To ensure proper children protection, you must lock down and partition the toy’s system and all the associated apps. By doing so, you are going to prevent and limit the exposure of your tech toys to malicious attacks.
Your IoT company must take that “extra step” to encrypt and anonymize the user’s data. The data you have collected via your tech toys. In this case, your clients are the children. With the “birth” of the tech toys, the child protection definition is going to change too. No, it is not a joke.
Tech Toys – Child Protection Must Include “Data.”
The child protection is not just the “protection of children from violence, exploitation, abuse, and neglect.” It should also include their data. Protect the children’s data, through every step of the used platform in your tech toys.
The information conveyed to and from the tech toys, must be protected with tech industry-grade, advanced encryption standards.
Your company must use unique encryption keys for each IoT toy you make. You must have unique encryption keys for each segment and each piece of your system. The child protection, in an IoT context, can be achieved if your company takes into consideration the “worst case scenarios.”
It is a scenario where, if any part of your IoT toy platform is compromised, the combination of segmentation plus encryption ensures limited amounts of leaked data, from your tech toys. Also, it gives you the power to identify where the problem originated in the first place.
Similar Read: Internet Of Things: 10 Most Innovative Companies
To prevent this from happening, and to keep your “little clients” safety, you must cycle those keys that encrypt all information sent to and from your tech toys.
Even more, you’ll have to patch and conduct security checks to ensure the integrity of your platform. It is true, no legislation regulates what happens with the “IoT data” at the moment. However, you must stay transparent. If there are no standards, you make the standards. You drive the boat. You set the trend.
Tech Toys – Keep Your “Little Clients” Safe.
You must make, at least, a commitment that you would not share any of the data that your IoT toys generate. There are many hungry wolves out there; read marketing and advertising entities.
Don’t let them have the data. Keep your commitment, keep your “little clients” safe. Stay faithful to your promises. You might lose money in the short term. However, in the long run, your business is going to gain trust. With trust comes money. You’ll succeed.
Just make sure you ensure the children’s protection in the new IoT context. Better said, if you can protect your clients, they’ll trust you. Moreover, if they trust you, they’ll come back and buy again.
Don’t forget that anything created or “ingested” by your IoT platform must stay within the walls of your platform. Yes, you can use your user’s data. However, only use it to make your platform better. To make the “children – toy” interaction better. Use the data to help, not to destroy. If it helps, see it as the protection of your child.
You’ll argue now that most of your tech toys must come with access to “the outside” apps. It is nothing wrong with that. However, you must lock down the data contained in these associated apps. You must also limit the amount of info collected by these 3rd party apps.
Tech Toys – Give Parents Full Control.
On the hardware front, if there is a microphone or a recording camera on your tech toys, you must make sure that the “mute” or “blind” is “ON” by default. The parents can rest easy knowing that the new tech toys they have purchased for their little one’s birthday are not listening or watching them.
It is a scary thought. If you are not a parent yet, just put yourself in a parent’s “shoes.” Even just for few seconds. Would you be fine with your children being watched, by someone over the internet while playing in their bedroom?! Yeah, didn’t think so.
As a final option, you must offer a way to the parents to delete any information collected by the tech toys. All smart, connected toys must come with a “Parent’s Control Panel” app for example.
The app must be accessible from any pre-registered mobile phone or tablet by the parent or the child’s guardian. The parent must be able to access the tech toys via the app, at any time and ensure the child’s protection.
Once connected, the parent must be able to change the settings of the tech toys. Delete data. Update records. Block access to camera and the microphone from unknown IP and even MAC addresses. Erase the account. Alternatively, even have the power to cut off the internet of the tech toys.
The Parent’s Control Panel must have a “reset” button which lets the parents wipe any and all the info the IoT toy has learned with and about the child.
A recent report sh0ws that most consumers do not see value in the security and the privacy of the tech toys. Most users think that they are not supposed to know or deal with how the security of these new tech toys works. Most consumers do not understand the risks of having an insecure IoT device in their homes.
Let me ask you something dear parent. You would not buy a house that does not have a front door, so why would you buy a tech toy for your child, knowing that there is no security in place?