IoT Security Failures: Same Mistakes, Different Devices
Ken Munro of Pen Test Partners on Why IoT Security Still Lags and What Must Change
IoT manufacturers continue making the same fundamental security mistakes that leave consumers vulnerable. From the infamous Cayla doll that was banned in Germany to Fisher Price's latest smart chatterbox phone, Ken Munro, CEO of Pen Test Partners, has seen this pattern repeatedly. The Fisher Price chatterbox, like the Cayla doll before it, lacks proper Bluetooth pairing security, allowing strangers to connect to the device's microphone.
"What frustrated me was it connects with Bluetooth, and the manufacturers Fisher Price Mattel made the same mistake as 'My Friend Cayla,' which meant, again, someone could creep on your kids and spy on you," Munro said.
The problem extends far beyond toys, Munro warns. Smart locks with poor physical security can be opened with a simple drill, while connected environmental technologies such as solar panel inverters and heat pumps expose Wi-Fi network keys.
In this video interview with Information Security Media Group at Infosecurity Europe 2025, Munro also discussed:
- How the ETSI 303 645 standard provides essential guidance for secure IoT development;
- Why vendors must clearly communicate product support life cycles;
- The security risks introduced by a first-mover, go-to-market mindset.
Munro is an advocate for IoT reform. He has briefed U.K. and U.S. governments and contributed to various E.U. consumer councils on regulatory and security matters. He blogs on topics ranging from smart building security to car hacking.












