New technologies are certainly getting smarter, but not necessarily more secure. That red flag should be reason enough for pause in deciding whether the risks of toys that are connected to the internet are worth the online conveniences they provide.
Many toys contain security holes
The FBI put out a warning earlier this year saying these types of toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options. “These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.”
Other consumer advocate tests found that four out of seven tested smart toys could be easily hacked over Bluetooth, because they just don’t take the necessary steps to secure the connection.
It goes beyond personal information
“The potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks,” according to the FBI.
Case studies: recent hacks
In 2017, security researchers that CloudPets (toys that allows you to send and receive voice recordings) had left their entire database of 2 million recordings of children and parents open to the internet.
VTech, a company that makes toy tablets and laptops for kids, lost personal information for kids and parents (including home addresses) in a public data breach in 2015. Germany has even banned kids’ smart watches as “illegal spying devices” after they were shown to be insecure.
Could the toys actually be hacked?
Many experts say the risk is low because Bluetooth hacking requires a close proximity to the device. That again begs the question, is the risk worth the benefit?
Even the FBI isn’t saying stay clear of internet-enabled toys, but they do “encourage consumers to consider cyber security prior to introducing smart, interactive, internet-connected toys into their homes . . .”
Try this research
Mozilla (Firefox web browser’s parent company) has a holiday shopping guide on making informed decisions on connected devices.
DoIT also recommends using smart cybersecurity practices including securing your computer, securing mobile devices, and protecting your identity online. If you have security concerns about your devices, the DoIT Help Desk is available to answer your questions.