Computerworld

Have a merry, insecure IoT Christmas

The New Zealand IoT Alliance has talked up the potential for IoT enabled toys to enrich Christmas gift giving, with no mention of their notorious lack of security.
  • Stuart Corner (Computerworld New Zealand)
  • 08 December, 2017 14:30

The New Zealand IoT Alliance has talked up the potential for IoT enabled toys to enrich Christmas gift giving, with no mention of their notorious lack of security.

The alliance’s executive director, Kriv Naicker, said IoT gadgets were growing in popularity for Christmas presents because they make people’s lives more enjoyable and easier.

"Christmas is a time for good spirit, gift-giving and rare indulgence. But for us and the techies out there, it is also a great time to consider the goodies and gadgets they fancy from Santa this year," he said.

“For those who love Star Wars and R2D2, the pretty cool Littlebits Droid Inventor Kit is one of the most popular IoT gifts people can buy this Christmas,” he said. “The kit contains a proximity sensor that beams an infrared light that allows it to sense objects in front of it. Pretty cool!”

The alliance listed other “examples of some of the IoT devices people can gift to friends or family this Christmas,” as:

- The Quick Egg Minder, a smart connected tray that generates notifications when a home is about to go out of eggs and that also helps find out the expiration date of eggs in the tray.

The Botvac, which cleans up to 465 square metres per cleaning cycle. “It gets into corners and close to walls and can be connected through your smartphone. Create a cleaning schedule, and view a summary of where your cleaning robot has been,” the alliance said.

UK consumer body Which? — the equivalent of Consumer NZ– in the run up to Christmas called for a ban on insecure internet-connectable child’s toys, releasing a video showing how easy it is for some devices to be compromised and used to speak directly to a child.

“Connected toys with Bluetooth, wi-fi and mobile apps may seem like the perfect gift for your child this Christmas. But we’ve found that, without appropriate safety features, they can also pose a big risk to your child’s safety,” it said.

“Over the past 12 months, Which?, in collaboration with consumer organisations and security research experts, has conducted investigations into popular Bluetooth or wi-fi toys on sale at major retailers. This has revealed concerning vulnerabilities in several devices that could enable anyone to effectively talk to a child through their toy.”

Which? takes particular issue with the I-Que Intelligent Robot, made by Genesis Toys, saying “The German consumer organisation, Stiftung Warentest, found that it uses Bluetooth to pair with a phone or tablet, but the connection is unsecured. In fact, anyone can download the app, find an I-Que within Bluetooth range and start chatting by typing into a text field.”

In a press briefing earlier this year Nick Savvides, who is responsible for Symantec's cyber security strategy across Asia Pacific and Japan, related his own experiences with a connected toy.

“My wife bought a stuffed toy that lets my son record a message, which it sends to my phone. I can reply and it will play him my reply,” Savvides said.

“I played with it and watched the data traffic. It has no authentication, no security at all. I said ‘We can't use this’. So now it sits in his room as a $150 stuffed toy.”