|
HB1PMS > TECH 29.02.20 19:42l 69 Lines 3148 Bytes #999 (0) @ WW
BID : 2286HB1PMS
Read: GAST
Subj: Connected Children’s Toys aren’t Cybersafe: Resear
Path: DBO595<DBX320<FRB024<NL3TD<NL3PRC<GY1BBS<HB1BBS
Sent: 200229/1606Z 8603@HB1BBS.ZL.NLD.EU BPQ6.0.19
Van: HB1PMS@HB1BBS.ZL.NLD.EU
Connected Children’s Toys aren’t Cybersafe: Researchers Reports Several
Serious Vulnerabilities
Almost every day a number of devices are reported to have vulnerabilities.
Today it is children’s connected toys.
Several security flaws including lack of authentication for device pairing
were found in toys sold this holiday shopping season.
Researchers at NCC Group and a consumer group ‘Which?’ together tested the
smart toys from several top brands including Mattel and Spinmaster.
What did they find?
Many of the toys were found to be missing authentication when connecting to
a device for pairing.
This authentication ensures that the toy is connecting to a legitimate
source. When it is missing, the toy can potentially be open to a variety of
attacks that may endanger the kids.
During the research, it was found that walkie-talkie devices of the same
brand as that of the toy could be effortlessly paired and used to
communicate with the child, from a distance of up to 150 meters.
Another flaw they found was that some toys required logging into certain
websites for updates or downloading certain features. These websites were
missing encryption and consequently exposing account and session data to
being intercepted by almost anyone.
Researchers also found another vulnerability associated with some of the
toys. The websites indicated whether a username or email address was already
registered. This could potentially allow attackers to launch brute-force
attacks to obtain registered usernames and email addresses.
What they’re saying
“While the onus should never fully lie with parents or guardians, checking
that the product literature has sufficient reference to security and privacy
before purchasing should be the first step. And if concerns persist after
purchasing the device, supervision should always be performed on toy
operation and any accompanying online activity and use,ö said the NCC Group,
that was a part of the research.
“Safety is top priority with every Singing Machine product produced, as
demonstrated by our 37 year history without a product recall. We follow
industry best practices as well as all applicable safety and testing
standards,ö said Singing Machine in a statement.
73 Henk.
======================================================================
_ _ ____ __ ____ ____ _____
| | | | _ \/_ | _ \| _ \ / ____| SYS: Henk (hb1nos@hb1bbs.com)
| |__| | |_) || | |_) | |_) | (___ QTH: Ouwerkerk - JO11XO
| __ | _ < | | _ <| _ < \___ \ BBS: HB1BBS.ZLD.NLD.EU
| | | | |_) || | |_) | |_) |____) | QRV: 27.235 MHz (FM 1200bps)
|_| |_|____/ |_|____/|____/|_____/ WEB: www.hb1bbs.com
======================================================================
** Host of BPQ Netrom/Node NLDHUB::NL9HUB 85.214.163.10 UDP 93
======================================================================
** This message is generated with Sally 7.2.033
----------------------------------------------------------------------
** Timed zaterdag 29 februari 2020 17:04 West-Europa (standaardtijd)
** BBS HB1PMS@HB1BBS.ZL.NLD.EU
Lese vorherige Mail | Lese naechste Mail
| |