Children’s toys connected to the internet come with serious privacy and safety risks as Smart Toys or Internet-connected Toys often contain several smart features that could disclose significant personal information. These days many parents like to buy new toys for their children that are connected to the Internet. But before you buy them there are a few things you should know.
Dangers of Internet-connected Toys
Smart or Internet-connected toys typically contain sensors, microphones, cameras, data storage components, speech recognition and GPS options. Such toys collect information, which is further sent and stored by the manufacturer or developer via server or cloud service. The collected data can include voice recordings, toy web application passwords, home addresses, Wi-Fi details or sensitive personal data. These hi-tech features could, therefore, put the safety and security of the children at serious risk. The possibility of hackers exploiting these toys to spy on users.
A recent advisory released by the US Federal Bureau of Investigation reads,
“Communications connections where data is encrypted between the toy, Wi-Fi access points, and internet servers that store data or interact with the toy are crucial to mitigate the risk of hackers exploiting the toy or possibly eaves dropping on conversations/audio messages,”
Hackers also target Bluetooth toys
While pointing out toys using encrypted communications are vital in alleviating the security risk, the FBI said that not all toys implement such features. Unprotected Bluetooth-connected toys that do not require PINs or passwords when pairing with a mobile device. These also pose a significant risk for unauthorized access.
Toy companies at risk
Another data risk involves the toy companies themselves. This is because these companies collect “large amounts of additional data, like voice messages, conversation recordings, past and real-time physical locations, Internet use history, and Internet addresses/IPs.” Hence, they could be bright targets for the hackers.
Parents should therefore to review the toy company user agreement disclosures and privacy practices to find out where their family’s personal data is sent and stored, together with if it’s sent to third-party services.
Cases of security issues with toys
Several cases of security issues with toys have already begun to pop up. In February 2016, Internet-connected toys made by Fisher Price and HereO were found to have susceptibilities that would allow a hacker to gain access to them easily. Another case occurred in February this year, when data from Spiral Toys Inc., was found to have been exposed and downloaded by hackers. Also, Germany banned the popular My Friend Cayla dolls, manufactured by US company Genesis Toys, over privacy and spying concerns.
Precautions to take when buying Smart Toys
- Check if there are any known security issues for any Internet connected toys that they intend to buy or have already purchased.
- Check the toy’s security measures like Bluetooth authentication and encrypted data transmission.
- Check if the company behind the toy issues firmware/software updates, in cases where they don’t make sure to have it installed.
- Finally, research where data from the toy is stored and whether the company storing it, has a good reputation for security.
The FBI’s warning on Internet-connected toys highlights the potential safety issues posed by the growing “connected devices” market which allows everything from refrigerators to cars to be connected to the internet. It’s time to take the dangers of Smart or Internet-connected Toys seriously and never overlook security safeguards.
Read next: Dangers of Internet of Things.