“We’re in a pre-9/11 moment,” warned Mike Wallace, a member of the National Infrastructure Advisory Council (NIAC), at the White House on August 22.
Earlier this year, “My Friend Cayla” was banned in Germany.
Cayla is an interactive doll that can tell stories, answer questions—even solve math problems.
Cayla can also collect and transmit everything she hears to her manufacturer’s server, leading German regulators to decide that in addition to being a little girl’s best friend, Cayla might also serve as a cunning espionage device if intercepted by a third party with malicious intent.
You can still purchase Cayla in the US, however, which got me thinking about all the other children’s products out there with embedded computer processors that are vulnerable to cyber attacks.
Children are not immune to the Internet of Things (IoT).
From dolls like Cayla to cloud-based baby monitors, toys and other products for children are increasingly Internet connected. Yet despite all the embedded devices we are putting into the hands of our kids, we don’t have sufficient standards and regulations to ensure that these devices are safe and secure.
The US Consumer Product Safety Commission publishes 90 pages of standards to address safety hazards in toys intended for children 12 years of age and younger. From Stuffing Materials to Pompoms to Squeeze Toys, these standards cover 41 categories of toys and their components. You would think we had all the bases covered, right? Wrong. In those 90 pages and 41 categories, there is nothing about Internet-connected toys. We worry about choking hazards and sharp edges. We check for flame retardant fabrics and measure that loose cords are less than 12 inches. But what are we doing to ensure that Sally’s doll isn’t collecting personal information and relaying it to some unknown party? How are we guaranteeing that some crazy hacker can’t connect with your baby’s monitor to stream obscenities instead of Timmy’s favorite lullaby?
We depend on firewalls to protect our networks, and virus protection software to block every virus. We cross our fingers and we do our best, but none of it has been good enough. None of it until now. Dover Microsystems has a different approach. Rather than putting yet another software band-aid on the problem of cybersecurity, Dover is securing devices to the core with technology that is placed right next to, and wired up to, the main processor on the same chip. It checks each instruction that the processor executes to ensure it adheres to a set of predefined security policies. If an instruction violates a policy, Dover blocks it in its tracks—before any damage is done.
If a device is going in the belly of the stuffed animal your child sleeps with at night, or the doll she plays with during the day, it better be safe.
To the core. Because when it comes to our children, anything less than the best is simply not enough.