News
Industry comment - IoT teddy data leak
February 2017 by Richard Brown, Director EMEA Channels & Alliances at Arbor Networks
Following the news that a maker of Internet-connected stuffed animal toys has exposed more than 2 million voice recordings of children and parents, the comments from Richard Brown, Director EMEA Channels & Alliances at Arbor Networks.
“The fact that two million voice recordings of children and their families were exposed online and held to ransom due to an insecure MongoDB installation, highlights just how attractive IoT devices are to attackers because so many are shipped with insecure defaults. A large proportion of embedded systems are rarely if ever updated in order to patch against security vulnerabilities. There are tens of millions of vulnerable IoT devices, and their numbers are growing daily.
“To combat these types of attacks, the solution is twofold. Firstly, users should look to protect their own connected devices, by isolating IoT devices from other services and the internet if they aren’t required. From a business perspective, security teams should implement best practices for ingress filtering to ensure product updates are legitimate from the network. Organisations should also isolate management traffic from data traffic, harden devices and shut down unneeded services, and understand traffic patterns and know what normal traffic looks like.”
