To support my firm’s corporate and social responsibility efforts, I volunteered to help NSPCC, a charity working in child protection, understand the Internet of Toys and its security and privacy implications.
I hope the efforts in this area will result in better policymaking and raise awareness among children and parents about the risks and threats posed by connected devices.
Toys are different from other connected devices not only because how they are normally used, but also who uses them.
For example, children may tell secrets to their toys, sharing particularly sensitive information with them. This, combined with often insufficient security considerations by the manufacturers, may be a cause for concern.
Apart from helping NSPCC in creating campaign materials and educating the staff on the threat landscape, we were able to suggest a high-level framework to assess the security of a connected toy, consisting of parental control, privacy and technology security considerations.
It’s the second year I’m attending the IoT Security Foundation conference and it continues to be a great event.
Strategic and technical tracks run in parallel with vendor showcases and means that there’s something interesting for everyone.
It’s great to see industry practitioners and academics coming together to discuss the ethics of IoT, challenges with design and development and the direction of travel of security.
Some of recorded talks are available on the IoTSF website.
Best practice guidance on vulnerability disclosure, connected consumer products and security compliance framework are available to download.