Finally
Someone is thinking of the children.
Spiral Toys, makers of the insecure Bluetooth-connected stuffed animals dubbed CloudPets, is being grilled for information by a US Senator. On Tuesday, Bill Nelson (D-FL), ranking member of the Senate's Committee on Commerce, Science and Transportation, sent Spiral ten questions demanding answers about the security of its …
Proper IT security can be expensive and take a considerable amount of time to implement and test. The C-Level parasites are having none of it since it cheaper to get bulk credit monitoring after the class action law suit. Even easier is to form a company that will be dissolved after shipping out a hundred containers worth of the toys. They just take the tech with them and some of the better engineers and start a new company that will make the next thing with poor security for a quick bit of dosch. Lather, Rinse, Repeat.
make the next thing
It will not make anything. The whole scam works solely because of contract manufacturing. You do not make anything. If you made something, you would have had tangible assets and it would have taken some time for you to execute a "submerge and re-emerge elsewhere" routine.
The only way of dealing with these in the age of contract manufacturing is to make resellers liable for the tat so that we do not have the banned German batch of toys banned by the regulator re-appearing in UK Entertainer at a "sales" price with the floor staff setting them up for a pre-setup "Mommy buy me this fluffy one" ambush.
Presently, while the reseller is liable for traditional law issues such as fire and health and safety they have little or no liability for the digital bits. They can shrug and say - it is not a service offered by us, deal with the company offering it. This should change with the reseller being fully liable for any digital service bundled "at the moment of sale" with the goods they are selling.
This is not limited to toys by the way. The situation is the same with cameras and other tat. If you successfully slag them off in let's say an Amazon review (which I have), the result is that they put the tat on sale (so more people get it).
You've got to wonder is the Senator being rhetorical or does he genuinely not know?
Because I'm pretty sure that putting a lot of childrens data online with effectively no access control would breach their "online privacy" quite a lot.
Once this takes effect, I think there will be a lot of rubbish like this toy pulled from the market either by choice or because the manufacturer has gone bust after being hit with seriously heavy fines.
Fines of 10Million Euro or 2% of their annual world-wide turnover should hopefully put a stop to this.