Naked Security Naked Security

News in brief: smart toys ‘threaten kids’ security’; Samsung battery teardown; HP turns off Telnet

Your daily round-up of what else is in the news

Your daily round-up of some of the other security stories in the news

Smart toys ‘threaten kids’ privacy’

Connected “smart” toys “pose a significant threat” to children’s privacy and security, according to a group of child advocacy, consumer and privacy groups who have filed a complaint with the Federal Trade Commission.

Two toys in particular are in the group’s sights, My Friend Cayla and I-Que Intelligent Robot, both of which are made by Genesis Toys and use Nuance software to answer questions posed by their knee-high owners.

Among the organisations putting together the complaint is the Campaign for a Commercial-Free Childhood, which led the charge against Mattel’s Hello Barbie earlier this year.

The groups claim that these toys don’t make clear what data they are collecting and that they don’t have the consent of the kids’ parents to collect that data.

Katie McInnis of the Consumers Union, one of the groups making the complaint, said: “As more toys are connected to the Internet, we have to ensure that children’s privacy and security are protected. When a toy collects personal information about a child, families have a right to know, and they need to have meaningful choices to decide how their kids’ data is used. We strongly urge the FTC to investigate these companies, stop the deceptive practices, and hold them accountable.”

Samsung battery teardown

Remember the unfortunate habit Samsung’s flagship Note 7s had of catching fire back in the autumn? After a number of explosive incidents, Samsung ended up withdrawing the model from sale.

The battery was widely thought to be the problem, and now a couple of engineers reckon they’ve nailed down the mechanism by which the batteries caught fire.

On the Instrumentalists blog, Anna Shedletsky reports that their teardown of a Note 7 found  that the device’s “lithium-polymer battery is a flattened ‘jelly-roll’ consisting of a positive layer made of lithium cobalt oxide, a negative layer made of graphite, and two electrolyte-soaked separator layers made of polymer.

“The separator layers allow ions (and energy) to flow between the positive and negative layers, without allowing those layers to touch.  If the positive and negative layers ever do touch, the energy flowing goes directly into the electrolyte, heating it, which causes more energy to flow and more heat – it typically results in an explosion.”

As Shedletsky notes, this kind of outcome is often the result of a tension between pushing the boundaries of technology and the margins of safety, and this is an occasion when a manufacturer didn’t get that right.

Remote printer access hardened

If you’re one of those diehard techies who still uses either FTP or Telnet to remote in to your networked printers, prepare to kiss goodbye to that aged way of accessing them. HP has said that it will turn off those protocols by default in new printers, and older devices will have firmware updates pushed out to them that beef up encryption and password requirements.

You will still be able to use those protocols, however: HP said that sysadmins will be able to re-enable those services. Let’s hope this goes down better with its customers than a firmware update that blocked the use of third-party ink cartridges – which HP later reversed.

Catch up with all of today’s stories on Naked Security