Data privacy day is celebrated once a year, but its good to remember to keep our personal privacy guarded! Interesting article discussing the security measures we should pay attention to as our homes become more internet connected, Via WT VOX
And the story goes like this. It happened last year, in a cold day of November. A toy manufacturer from Hong Kong, VTech, wasn’t using SSL or encrypting passwords for its line of children’s tablets. It did not think it was needed. As you imagine, for the hackers, stealing VTech‘s data was just a “child’s play.”
What happened next was a security nightmare. You are looking at 6.4 million exposed children. Millions of children have “lost” their data. Their names, their emails, their downloads, their passwords, the IP addresses, photos, password recovery info, audio and video recording.
All these details were compromised. Together with the children’s real names, their genders and their dates of birth. Even their home addresses. Shocking, isn’t it?
You see, the tech can be quite magical when we use it to make the world we live in, a better place. A safer place for all of us, little humans included. However, as much as we love new tech, we must never lose sight of the fact that the tech, for all its possibilities, it also creates new risks.
Moreover, for that alone, when dealing with children in an IoT context, their security and privacy must be your priority. In a tech toys context, the child protection must be paramount to you. You, the parent. You, the IoT maker. Right from day one.
More than ever, now. In the light of what has happened within the “Internet of Toys” community, any IoT companies must be taking extra security measures. We commend V-Tech and Mattel/ToyTalk for addressing their recent security breaches and strengthening their commitment to security.
Making toys is not an easy business. Look at it from a safety point of view. Children can swallow their toys. They can also break them into little parts and get cut. Get hurt. Suffocated. Even poisoned, if the paint you have used has the wrong chemicals.
You’ll have to pass all the regulatory and safety tests. The 16 CFR.1500. The EN.62115. The FCC. The EMC. The RF testing. And more than that, the “Internet of Toys” is not just another toy-making business. It is the Internet of Things for the toys. The above-mentioned tests are just the beginning.
To ensure proper children protection, you must lock down and partition the toy’s system and all the associated apps. By doing so, you are going to prevent and limit the exposure of your tech toys to malicious attacks.
Your IoT company must take that “extra step” to encrypt and anonymize the user’s data. The data you have collected via your tech toys. In this case, your clients are the children. With the “birth” of the tech toys, the child protection definition is going to change too. No, it is not a joke.