Endpoint Software for IoT Device Manufacturers

IoT security is usually a concern for businesses, but a recent security breach has parents worried about their children’s safety. A cybersecurity researcher discovered an open database that contains links to over two million voice messages that have been recorded by the owners of CloudPets toys. These stuffed animals let people record and send greetings through the toy or via a mobile app. The toys are mainly used by children to record messages for their parents and grandparents. The kids speak into a microphone inside the toy, and then their message is recorded and uploaded to cloud storage via a smartphone app. Parents and grandparents can listen to the message on a second CloudPets toy.

There are about 820 thousand CloudPets.com accounts. The uncovered database includes audio recordings from CloudPets users, and the profile pictures of children. The database also includes direct links to the recordings and anyone could have downloaded this data.

The voice recordings were exposed online because the toymaker used an insecure MongoDB installation that did not require any authentication to access. Researchers also say that one of the biggest flaws with CloudPets is that consumers weren’t using complex passwords to secure their accounts. Some users were even using the password “Cloudpets” to secure their accounts.

The California-based company, Spiral Toys, says it was notified about the breach in February. The database was accessed between December 2016 and January 2017. Consumers who have accounts on the CloudPets website should reset their passwords.

Although this data breach primarily impacts consumers, IoT device manufacturers should use this security incident to make sure their products are secure before they’re available to consumers. Device security should be prioritized because the consequences of a security breach can land companies in trouble with government agencies. For example, the FTC can take enforcement actions against Spiral Toys because the privacy of children was compromised in the breach.

Below are three tips that manufacturers can take to get consumers to secure their online accounts.

  1. Require complex passwords: People like to use simple passwords to secure their accounts because these passwords are easier to remember, but simple passwords leave people vulnerable to a security breach. Strong passwords include capital and lowercase letters, numbers, and symbols. Consumers should be required to use strong passwords to secure their online accounts.
  2. Require authentication for access: The CloudPets database was vulnerable because it did not require authentication to access. Companies should use authentication as a second layer of security to secure data from malicious actors, especially when it is consumer data.
  3. Scan networks and databases for vulnerabilities: Companies should also continuously scan consumer information databases for vulnerabilities. By scanning for vulnerabilities, companies can immediately schedule patch updates when issues are found. Companies can also scan networks for suspicious activity and uncover malicious actors.

It is clear that in 2017, Endpoint Security is important to consumers and businesses alike. Consumers need to follow best practice guidelines by creating strong account passwords. IoT device manufacturers need to use endpoint security software to keep their devices secure from outside threats. With endpoint management, threats can be discovered before data is compromised.