Lorenzo Franceschi-Bicchierai, reporting for Motherboard:
A company that sells “smart” teddy bears leaked 800,000 user
account credentials — and then hackers locked it and held it
A company that sells internet-connected teddy bears that allow
kids and their far-away parents to exchange heartfelt messages
left more than 800,000 customer credentials, as well as two
million message recordings, totally exposed online for anyone to
see and listen. […]
As we’ve seen time and time again in the last couple of
years, so-called “smart” devices connected to the internet — what
is popularly known as the Internet of Things or IoT — are often
left insecure or are easily hackable, and often leak sensitive
data. There will be a time when IoT developers and manufacturers
learn the lesson and make secure by default devices, but that time
hasn’t come yet. So if you are a parent who doesn’t want your
loving messages with your kids leaked online, you might want to
buy a good old fashioned teddy bear that doesn’t connect to a
remote, insecure server.
Of course, anyone who isn’t a computer security expert has no hope of being able to determine whether any particular internet-connected device is actually secure. And even security experts can’t be sure. If you’re going to use an internet-connected device, you have to trust the company who made it.
See also: This story from October, about HomeKit’s stringent security requirements.
★ Monday, 27 February 2017