Children’s toys connected to the Internet come with serious privacy and safety risks. Smart Toys or Internet-connected Toys often contain several smart features that could disclose significant personal information. These days many parents like to buy new toys for their children connected to the Internet. But before you buy them, there are a few things you should know.
Dangers of Internet-connected Toys
Smart or Internet-connected toys typically contain sensors, microphones, cameras, data storage components, speech recognition, and GPS options. Such toys collect information, which is further sent and stored by the manufacturer or developer via a server or cloud service. The collected data can include voice recordings, toy web application passwords, home addresses, Wi-Fi details, or sensitive personal data. Therefore, these hi-tech features could put the safety and security of the children at serious risk—the possibility of hackers exploiting these toys to spy on users.
A recent advisory released by the US Federal Bureau of Investigation reads,
“Communications connections where data is encrypted between the toy, Wi-Fi access points, and internet servers that store data or interact with the toy are crucial to mitigate the risk of hackers exploiting the toy or possibly eaves dropping on conversations/audio messages,”
Hackers also target Bluetooth toys.
While pointing out that toys using encrypted communications are vital in alleviating the security risk, the FBI said that not all toys implement such features. Unprotected Bluetooth-connected toys that do not require PINs or passwords when pairing with a mobile device. These also pose a significant risk for unauthorized access.
Toy companies at risk
Another data risk involves the toy companies themselves. These companies collect “large amounts of additional data, like voice messages, conversation recordings, past, and real-time physical locations, Internet use history, and Internet addresses/IPs.” Hence, they could be promising targets for hackers.
Parents should, therefore, review the toy company user agreement disclosures and privacy practices to find out where their family’s data is sent and stored and if it’s sent to third-party services.
Cases of security issues with toys
Several cases of security issues with toys have already begun to pop up. In February 2016, Internet-connected toys made by Fisher Price and HereO were found to have susceptibilities that would allow a hacker to gain access to them quickly. Another case occurred in February this year when data from Spiral Toys Inc. was found to have been exposed and downloaded by hackers. Also, Germany banned the popular My Friend Cayla dolls, manufactured by US company Genesis Toys, over privacy and spying concerns.
Precautions to take when buying Smart Toys
- Check if there are any known security issues for any Internet-connected toys they intend to buy or have already purchased.
- Check the toy’s security measures like Bluetooth authentication and encrypted data transmission.
- Check if the company behind the toy issues firmware/software updates in cases where they don’t make sure to have it installed.
- Finally, research where data from the toy is stored and whether the company storing it has a good reputation for security.
The FBI’s warning on Internet-connected toys highlights the potential safety issues posed by the growing “connected devices” market, allowing everything from refrigerators to cars to be connected to the Internet. It’s time to take the dangers of Smart or Internet-connected Toys seriously and never overlook security safeguards.
Read next: Dangers of the Internet of Things.
Are Bluetooth toys safe?
Some parents may be wary of Bluetooth-enabled toys, as there have been reports of hackers gaining access to the devices and using them to eavesdrop on conversations. However, as long as you take care to only purchase toys from reputable manufacturers and keep them updated with the latest security patches, there is no need to worry about your child’s safety.
What are the security risks associated with the use of IoT toys?
Internet-connected toys, also known as “smart toys,” are becoming increasingly popular, but some security risks are associated. Hackers may gain access to the toy’s data, including information about the child playing with it. They may also be able to control the toy remotely, which could pose a safety hazard. Parents should be aware of these risks and take steps to protect their children.