Moratorium on IoT-enabled Toys, Monitors, Until Strict Security Standards are Imposed
Feb 19, 2015
My colleague, Principal Analyst Nancy Jamison, recently Tweeted a BBC article about a disturbing trend in children’s toys: their being connected to the Internet (the Internet of Things). It is disturbing in that, as we have seen with IoT-enabled baby monitors, it opens the door for hacking, and with it the potential for sexual abuse and assault, blackmail, even robbery, kidnapping, and murder.
Here are four hard truths about this matter:
First, it would be foolish to underestimate the growing technical sophistication of these skels, and the size of the sick and twisted global market for access to IoT devices involving children.
Second, the IoT security risks are so great, and they are morphing faster than the IT “white hats” can respond, that not even the most sophisticated and careful manufacturer can keep up.
Third, the average consumer does not understand, and cannot and should not be expected to understand, security methods and terms like “default settings”. Consumers already have to juggle remembering to set up and change an explosion of passwords. Soon we will have to have passwords to turn on light switches. There is a finite limit to individuals’ capacity for this kind of thing. People do have to get on with their lives.
Fourth, there are no overriding value enhancements in having toys, or most consumer products, Internet-enabled, none that outweigh the risks. They prompt skeptics to ask “You mean a child can’t play with a toy that doesn’t have an IoT connection? How did they ever play, and how did we get along in life, without them?”
Regarding baby monitors, yes, there is value to having them connected, but the dangers are so high that the networks should be monitored 24/7 by highly and continually trained IT security professionals. The same goes for connected homes and vehicles.
The cold reality is that IoT security has to catch up with the threats. To make that happen, governments should follow their primary mission, which is to protect the public. They should set strict IoT security protocols and standards, without them being watered down by industry. The standards should be able to be updated in real-time as threats evolve. Also, the security systems must be so intuitive for consumers and employee users that it becomes second nature to activate and reset them, like flicking light switches.
At the same time, governments should impose immediate moratoriums on the sale of high-risk IoT items, like consumer devices involving children directly and indirectly (like baby monitors), until these devices meet these standards. This leveling of the playing field gives manufacturers breathing room, until they can get equal to the game, without worrying about their competition. It also gives consumers—their customers—much needed peace of mind, along with the faith and trust that any future IoT products will be reasonably safe.
Brendan Read is a Senior Industry Analyst with over 25 years’ experience covering business, communications, staffing, and technology. He has worked in, prepared reports on, and blogged on a wide range of topics including customer contact, CX, CRM, IoT, social media, supply chain, and BC/DR. He also has backgrounds in construction, manufacturing, materials, resource extraction, site selection, and transportation. He examines the broad economic, environmental, innovation, political, and social mega trends, and their impacts on businesses, markets, and society.