Forth Valley College computer students who researched how easy it was to hack into childrens’ toys have made some worrying and disturbing findings.
Led by FVC lecturer and expert in cyber security – Susan Gardner – the group of Level 5 National Progression Award (NPA) class studying Data Security, Digital Forensics and Ethical Hacking at the Falkirk Campus, looked into childrens’ toys in the run up to Christmas 2016.
They specifically focussed on speaking toys or devices, such as talking cuddly toys, robots, baby monitors and SIRI equipped laptops and Q&A devices for toddlers. Their findings proved to be shocking and very worrying!
Susan, said:
“In the lead up Christmas, I had an idea to run a hackable workshop with my students. The aim was to test popular children’s toys that are within a lower end price range. The amount of items that are available are considerable, especially as a parent myself I was thinking about which toys which might appeal to my five year old son. I realised that with the cheap production of electronic toys and especially those which can be interconnected via the internet, it would be relatively easy for hackers to expose their vulnerabilities.
“My NPA class were already looking into cyber security, so I decided to give them a workshop on this very area one day. We looked closely at a cute – and very popular – speaking bear and it became evident very quickly that we could use this for malicious intent. It was very easy to exploit the technology that was housed within the product and we could control the bear in a variety of ways.
“The group performed a task to perform reconnaissance on the bear before we unboxed it. We built a profile and tried to figure out as much as we could and also treaded through legal agreements. Students were shocked to quickly find out that the manufacturer was not liable for such potential threats.
“Students also tested at a range of around 20 metres – and in different rooms – and we could get it to say anything they wanted it to say! This was without downloading the recommended app to a smart device. So it really was quite frightening. Our intent is not to scaremonger parents on which toys they may buy their children, but to let them be aware of the security issues that may exist and how to protect them. Potentially someone could sit in a car outside in the street and exploit a young child’s toy in their own home.
“Hopefully we can now make people aware that when they buy these toys – the bear can be bought for under £10 – they need to take steps to secure it themselves as the makers will not take any responsibility for anyone hacking in to it.
“Our findings from this research did not particularly shock me, but it did shock my students, especially the ones with children. As a massive boom in the ‘internet of things’ grows at a rapid rate, securing such devices is very important. Exploits such as hacking into people’s homes, to devices such as smart thermostats, cameras and locks etc, are potential threats that are on our doorsteps.
“Our aim as a computing department at FVC is to promote programming and security as these are the essential skills needed to protect to keep up with the growth rates in development. We are proud of the courses that we deliver as a department and have lecturers here that have great skill sets to provide leading research in a variety of areas.”
Student Almantas Mikenas (24) from Bainsford in Falkirk, said:
“I was pretty shocked and believe that something vulnerable like this should not be on the market, but at the moment there is no way to control anything like that. I was considering buying something similar to this for my five-year-old nephew before Christmas and I ended up just buying him building bricks.
“The course has been great, I have learned a lot and I know what to expect now. Cyber security is really interesting and I hope that I might work in this industry in the future.”
Andrew Smirthwaite (24) from Bathgate, said:
“My first thought was how could a toy not be secure for a child! I have found this all very interesting and it has sparked a definite curiosity in me. I am glad I joined this course as I have really enjoyed it and I would really like to work in the cyber security industry as a career after college.”
However, Susan who is an expert in the field of ethical hacking and software development, is optimistic that one of the ways forward is teaching students about the possible dangers and how to combat them. She believes that their skills will be much sought after in all industries and workplaces in the near future.
Susan added:
“I love the internet and new technology and I believe we should have all these smart devices, but I also believe we should make sure they are secure as they can be. And a little bit awareness can go a long way. I have attended various conferences in Cyber Security and attended InfoSec and the general message is the rate things are evolving is exponential and there just isn’t enough cyber security professionals available. That is why Forth Valley College is one of the sector leading further education facilities in Central Scotland offering specific courses in this field. We recognise that highly training computer graduates are going to be essential in the coming years and we provide that higher level training.
“Cyber Security and Ethical Hacking has been taught here at FVC for the last two years and we are teaching what to look out for and how to combat cyber crime. So we focus on the positive rather than the negative aspects of hacking that you hear about in the media. This means our graduates will perhaps be able to become valuable assets for toy and home appliance manufacturers – so that innocent people do not have to grin and bear it when their devices have been exploited!”
Forth Valley College Principal Dr Ken Thomson, said:
“Forth Valley College prides itself on its innovation and cutting edge sector leading departments and it is telling research such as this - carried out by Susan Gardner and her National Progression Award class studying Data Security, Digital Forensics and Ethical Hacking - that is enhancing our reputation.
“We are very proud of the work of our staff and students in the Computing section of our Creative Industries Department. It is another example of how we are making learning work here at Forth Valley College.”
Anyone looking to find out more about Forth Valley College’s extensive range of computing course should visit https://www.forthvalley.ac.uk/departments/creative-industries/ or call 01324 403000.