FBI PSA CYA ASAP

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
52,948
The FBI wants you to know that all sorts of new kids toys have the ability to leak what might very well be sensitive information about your kids online. Just ask Alexa or Google Home.

The FBI encourages consumers to consider cyber security prior to introducing smart, interactive, internet-connected toys into their homes or trusted environments. Smart toys and entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors based on user interactions. These toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options. These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.
 

Cyraxx

Supreme [H]ardness
Joined
Feb 21, 2005
Messages
4,114
I'm guessing they are referring to "toys" that can connect to wifi in some way. There is a reason why I won't touch that stupid shit.
 

Tsumi

[H]F Junkie
Joined
Mar 18, 2010
Messages
13,537
Wait, why is the FBI telling us this? Must be a reverse psychology attempt.
 

PaulP

Gawd
Joined
Oct 31, 2016
Messages
776
Too much of this internet connected stuff is designed and implemented by amateurs. By amateurs I mean people that don't have the training and/or experience in creating products where "correctness" is required. That means starting with requirements (to define all functionality and correct behaviors) and ending with V&V. There are a lot of steps in between (including security reviews), but if this kind of professional process is not used, then the device will be insecure. It's all a function of time-to-market and final cost, of course, but as always you get what you pay for.
 

bigdogchris

Fully [H]
Joined
Feb 19, 2008
Messages
18,517
Kind of surprised the NSA has not yet provided a "buy this, not that" for security. The "that" of course being toys which they have already hacked into.
 

Cyraxx

Supreme [H]ardness
Joined
Feb 21, 2005
Messages
4,114
Too much of this internet connected stuff is designed and implemented by amateurs. By amateurs I mean people that don't have the training and/or experience in creating products where "correctness" is required. That means starting with requirements (to define all functionality and correct behaviors) and ending with V&V. There are a lot of steps in between (including security reviews), but if this kind of professional process is not used, then the device will be insecure. It's all a function of time-to-market and final cost, of course, but as always you get what you pay for.

Eh, I don't think it's so much that - I think it boils down to ANYTHING that connects to a network or the internet has to have updates on a regular basis. Period. No matter how diligent you are with your initial release, holes will be found eventually somewhere down the line.
 

PaulP

Gawd
Joined
Oct 31, 2016
Messages
776
Eh, I don't think it's so much that - I think it boils down to ANYTHING that connects to a network or the internet has to have updates on a regular basis. Period. No matter how diligent you are with your initial release, holes will be found eventually somewhere down the line.
While I agree that having the ability to update the firmware in the field is necessary, that is not a solution to poor software design and implementation. Take for example, the aforementioned firmware updating process. Many just install TFTP and use the same password on every device. No locked boot-loader or digital signing of the new image. So once the password is discovered, it is simple for a hacker to upload new firmware, including changing the password. We should not accept a "patch it later" mentality to security.
 

{NG}Fidel

Supreme [H]ardness
Joined
Jan 17, 2005
Messages
6,286
So we accepting what they say this time or just blowing it off as corruption/deep state. Really confusing to me.
 

magoo

[H]F Junkie
Joined
Oct 21, 2004
Messages
14,489
It's sad people are so fucking dumb, the FBI feels the need to warn them.

What they need to warn people about are the robots that are going to KILL US ALL!!!!!
 
Top