By John Gruber
Lorenzo Franceschi-Bicchierai, reporting for Motherboard:
A company that sells “smart” teddy bears leaked 800,000 user account credentials — and then hackers locked it and held it for ransom.
A company that sells internet-connected teddy bears that allow kids and their far-away parents to exchange heartfelt messages left more than 800,000 customer credentials, as well as two million message recordings, totally exposed online for anyone to see and listen. […]
As we’ve seen time and time again in the last couple of years, so-called “smart” devices connected to the internet — what is popularly known as the Internet of Things or IoT — are often left insecure or are easily hackable, and often leak sensitive data. There will be a time when IoT developers and manufacturers learn the lesson and make secure by default devices, but that time hasn’t come yet. So if you are a parent who doesn’t want your loving messages with your kids leaked online, you might want to buy a good old fashioned teddy bear that doesn’t connect to a remote, insecure server.
Of course, anyone who isn’t a computer security expert has no hope of being able to determine whether any particular internet-connected device is actually secure. And even security experts can’t be sure. If you’re going to use an internet-connected device, you have to trust the company who made it.
See also: This story from October, about HomeKit’s stringent security requirements.
★ Monday, 27 February 2017