The exploit raised the obvious question: as more toys become connected to the Internet, how many have lax security? And how many millions, or hundreds of millions, of children are in danger due to it? We got a partial answer on Dec. 4, when Bluebox Security discovered serious vulnerabilities in Mattel's Hello Barbie, the Internet-connected version of the iconic doll toy. It is entirely possible that the majority of Internet-connected toys have serious vulnerabilities. There are many reasons for this.
First, these are the early days of hack-attacks on toys, so hackers have a head start. And then there are no real regulations for the Internet of Things: devices that are connected to each other and to the Internet. It isn't just toys; the Internet of Things includes appliances, cars, and a host of previously unconnected digital and semi-analog devices.
The Internet of Things is not secure, largely because companies don't feel obliged to invest the time, money and effort necessary to secure their devices. There also aren't any global security standards or accepted guidelines. To make matters worse, companies are not required to tell consumers what information they are gathering and how they will protect it. The recall by Fiat Chrysler Automobiles, in July 2015, of 1.4 million Chrysler, Dodge, Jeep and Ram vehicles demonstrated the extent of the problem. The company had long known about security vulnerabilities in its touchscreen and Uconnect systems, yet it didn't correct them until Wired magazine and The Post published exposés showing how the vehicle could be hijacked while the driver was at the wheel. Lives could have been lost due to that.
Protecting children from hack attacks is exceptionally important. They are vulnerable and innocent. And that makes them emotionally charged targets for cyber-extortion attacks. Imagine if a truly evil hacker had accessed the VTech systems and intercepted communications or captured images from the cameras. Parents could easily have faced extortion through threats to harm their kids. And many would have paid. Last year, Fox 19 reported that a man hacked into a baby monitor in a home in Cincinnati, Ohio, and started screaming "Wake up baby!" at a 10-month-old girl. The parents, understandably, felt violated.
VTech quickly admitted that its security had not been up to snuff. But let's be clear about this. VTech had little real incentive to worry about security. Of course the company did not want to harm its customers; but there is no real bite in the laws seeking to penalize companies for failing to protect their customers' data. Even in California, where companies are legally required to quickly disclose hacks and warn customers that their data have been stolen, breaches continue. Globally, cyber attacks increased by 48 percent from 2013 to 2014, according to a large survey by consultancy PwC. Those attacks cost businesses, on average, $2.7 million per incident.
It is possible that recall costs are not sufficient motivators. Rarely are victims compensated for the loss of control of their identity, an unfortunate gift that keeps on giving for many years to come. VTech earns $2 billion in revenue and says that Internet-connected children's products are among its fastest areas of growth. A better way to deal with this might be to dramatically raise the penalties for lax security. This could be accomplished by insurance companies but should also include some mandatory payback clause to compromised customers. Or perhaps it could be a contribution system whereby all manufacturers of connected devices pay into a compensation pool. This is, of course, another flavor of insurance. Businesses would hate this idea, but it might force them to do the right thing.
Increases in government regulations are rarely productive and can often harm innovation. But it may be prudent to expand the equipment authorization program of the FCC. This requires the testing of radio frequency devices used in the United States to ensure that they operate effectively without causing harmful interference and that they meet certain technical requirements. These requirements could include the encryption of data and other security safeguards. This is particularly important given that our Internet of Things devices are mostly manufactured in China. The security holes could allow snooping on an unprecedented level in homes as well as offices.
And here's a really radical thought.
What if we mandated that businesses create systems that allow customers to control their own data, to see what is being collected and to alert them when those data are stolen? This has long been a pipedream of privacy activists. But we are actually tantalizingly close to having the capability of creating such a system.
My colleagues at Stanford Law School, and many others, have been researching how this would work. Roland Vogl, who heads Codex, the Stanford Center for Legal Informatics, envisages a system that allows people to manage and analyze all of their structured data, including those generated by Internet of Things devices. End users would connect their devices to a personal dashboard, through which they will be able to monitor and control their data. They would select which data can be shared and with which companies. Vogl says there are already some implementations of these technologies, such as OpenSensors and the Wolfram Connected Devices Project.
The solutions aren't difficult. We just need the motivation, regulation and coordination. The alternative, in today's Wild Wild West of Internet of Things development, is a runaway increase in security nightmares. It is better to set the standards now and ensure a safer cyber world for our children and ourselves.
About Author

Vivek Wadhwa is Vice President of Innovation and Research at Singularity University; Fellow, Arthur & Toni Rembe Rock Center for Corporate Governance, Stanford University; Director of Research at the Center for Entrepreneurship and Research Commercialization at the Pratt School of Engineering, Duke University; and distinguished visiting scholar, Halle Institute of Global Learning, Emory University. He is author of "The Immigrant Exodus: Why America Is Losing the Global Race to Capture Entrepreneurial Talent", which was named by The Economist as a Book of the Year of 2012. Wadhwa oversees the academic programs at Singularity University, which educates a select group of leaders about the exponentially growing technologies that are soon going to change our world. These advances—in fields such as robotics, A.I., computing, synthetic biology, 3D printing, medicine, and nanomaterials—are making it possible for small teams to do what was once possible only for governments and large corporations to do: solve the grand challenges in education, water, food, shelter, health, and security.
Website: http://wadhwa.com/2015/12/11/when-kids-start-getting-hacked-its-time-to-wake-up-about-cybersecurity/