Kaspersky on hackable walkie-talkies: “IoT device guidelines need more teeth”
December 2019 by Kaspersky
Following’s today news that strangers can potentially communicate with children through hackable walkie-talkies, David Emm, cybersecurity expert and Principal Security Researcher at Kaspersky, comments on the development and how IoT guidelines ‘need more teeth’, especially when protecting children’s connected devices.
The commentary and tips for parents and consumers from Kaspersky
“Connected toys, CCTV tools and Amazon Alexa are all becoming mainstream features in today’s modern home, but it’s vital that consumers consider the dangers of these devices, as they could be enabling cybercriminals to watch, listen and attack. Today’s news that children’s karaoke and walkie-talkie toys – popular Christmas gifts and commonplace in children’s bedrooms – are hackable, enabling nearby strangers to potentially talk to children through them, or capture data from the devices, is incredibly concerning. It’s also clear that these products don’t comply with the UK guidelines for smart devices, suggesting that these guidelines need more teeth. Something stronger than a voluntary code of practice is vital, especially when it comes to protecting children.”
Parents also have a responsibility to help keep their children’s connected devices protected. Kaspersky advises that parents and consumers always consider the following tips, to ensure the safe use of their smart devices:
1. Are the extras essential?
Do you need the functionality that’s in the device you’ve just bought? If it comes with X, Y and Z, but you only really need X, disable what you don’t need, or look for a product with just the functionality you need. More functionality simply makes a product more vulnerable to a cyber-attack.
2. Look at reviews.
Has this product been reviewed – and well? Has it got a good reputation in terms of safety? If there’s a lot of negative feedback, consider whether you should invest in it at all.
3. Change default settings.
Does the device come with a default password? If it does, change it immediately. Some manufacturers of routers, for example, ship a device with a unique key – which is something that all manufacturers should be doing. However, they aren’t yet, so consumers must get into the habit of changing default passwords quickly.
4. Will the device update itself?
The chances are that in the future, a cybercriminal will find a vulnerability that lets them compromise a new device. Check if the device you are planning to buy can be updated by the manufacturer.
5. Change your thought process.
The device might provide functionality that pre-dates the digital age – for example, baby monitors. As a result, we’re not thinking about digital security. We must all start to think about digital security, in the same way that we think about real-world dangers, from the moment they buy a connected device. Consider the risks and how you can mitigate them.