Just last Fall, toy maker Fisher-Price started selling a new Internet connected interactive teddy bear. This toy is one of many Internet connected products that are a part of the rapidly expanding Internet of Things about which I have written many times. While entertaining and convenient, the Internet of Things which encompasses all manner of products from cars to refrigerators to even medical devices brings with it security concerns due to the possibility of hacking, which in the case of Smart Toy, the Fisher-Price stuffed bear was a legitimate concern. Rapid 7, a security firm discovered that the app connected to the toy had numerous security flaws that would have enabled a hacker to steal the child’s name, birth date and gender. This information could have been misused by a hacker and created identity theft issues for the child. The information also could have been used by a hacker to create dangerous spear phishing emails likely to trick targeted family members into downloading dangerous malware. Rapid 7 notified Fisher-Price about the security flaws and Fisher-Price has corrected the problems.
Fortunately, there are a number of steps you can take to make your use and your children’s use of products that are a part of the Internet of Things safer. The fewer places that have your personal information, the safer you are so if you need to provide a birth date or other information, consider providing intentionally incorrect information. There is no law requiring you to provide yours or your child’s correct birth date. Also set up a separate email address for your Internet of Things devices and products.
Many of the devices that make up the Internet of Things come with preset passwords that can easily be found. Change your password as soon as you set up the product.
Set up a guest network on your router exclusively for your Internet of Things devices.