IoT Security Failures: Same Mistakes, Different Devices

Ken Munro of Pen Test Partners on Why IoT Security Still Lags and What Must Change Mathew J. Schwartz (euroinfosec) • June 20, 2025

IoT manufacturers continue making the same fundamental security mistakes that leave consumers vulnerable. From the infamous Cayla doll that was banned in Germany to Fisher Price's latest smart chatterbox phone, Ken Munro, CEO of Pen Test Partners, has seen this pattern repeatedly. The Fisher Price chatterbox, like the Cayla doll before it, lacks proper Bluetooth pairing security, allowing strangers to connect to the device's microphone.

See Also: SASE and Zero Trust: The Backbone of Integrated Security (eBook)

"What frustrated me was it connects with Bluetooth, and the manufacturers Fisher Price Mattel made the same mistake as 'My Friend Cayla,' which meant, again, someone could creep on your kids and spy on you," Munro said.

The problem extends far beyond toys, Munro warns. Smart locks with ...