Your Child’s Toy Will Cause Your Next Corporate Breach
In case you didn't know, your child’s toys are telling on you...to anyone listening.
This year there will be a surge in toys under the Christmas tree which will soon be connected to the internet. Welcome to the Internet of Things (IoT) where everything is connected.
According to Gartner, forecast for 2016 was that 6.4 billion things where connected to the internet. This was up 30 percent from 2015, and projections are we will reach well over 20 billion IoT devices by 2020. In 2018, we will see ~10 million new things will get connected every day and many of them will be “Smart” Toys.
Are you giving your child a smart toy this year?
If you answered yes, I highly recommend you read on. Why?
Because the toy you are giving them is connected to the internet.
If the toy you are giving them can see your child, can talk to your child, or communicate in any why with you child, so can bad people.
AND BAD PEOPLE WILL TRY TO COMMUNICATE WITH YOUR CHILD.
Why will bad people do this? Because it’s easy! Some for fun, some for money, in any event, it's an easy way to get to you, your family, your company and any person business you may perform via/over the internet, on any computer in your home, or any other IoT device, like the one controlling the electricity to your home (that’s for another article).
To protect yourself, you must teach your children how to be safe on the internet – some cyber health if you will.
Teach your child a little internet/cyber safety early.
Teach your child to create/build and use strong passwords and pins; the longer the better. Always change the default password and pin. For a pin, it should be at least 4 numbers, however, I personally use and recommend 8.
For a password, it should be at least 8 characters. Many corporations and government entities recommend 12-14.
Personally, I recommend using the longest the system you are using and keep all of your passwords in the cloud and then this single key store/key manager should be at least 24 characters.
Update your IoT devices regularly. If they allow automatic updates from the vendor, I recommend clicking on the allow option.
What kind of wireless connectivity is the toy going to use. Will it use Bluetooth, Infrared, RFID, or WiFi? Is it a client/endpoint or access point? What else is it connected to? Is it integrated to you home computer and/or does is work with Alexa, Siri, Google Home or other technologies? You need to know this.
How is your data shared? Who is it shared with? Do you care? You should and you should research into who is getting your data and who is it shared with.
Why?
What if it’s a company in a foreign company or a direct competitor to you company collecting this data.
If I was a Pen (Penetration) Tester, I definitely would try to gather this information and or ability to connect with you – directly into your private home.
Really, anyone who wanted this private data about your child and you could easily be obtained from your child IoT device. For a Pen Tester, this would be a quick and easy way to learn and gain some very personal information about you and your family.
Knowing this, whatever you do, DO NOT provide any sensitive data about you or your family in any IoT device. The less information you provide about you and your family, the better. There is much more about why you should care about your data, and that’s a whole other topic I’ll save for another day.
Finally, when it comes to teaching your children about the internet/on-line/cyber safety, above all, watch and learn from you child. You will be amazed at what they will teach you and what you will learn. This is the world we live, a world of continuous learning.
And looking back we understand learning starts with their 1st toy.
What was you 1st toy and what did you learn from it? What did you think of this article. Love to hear from you.
Have and awesome day!