Protect Yourselves (and Your Children) from Internet Connected Toys

Posted on:

Once upon a time, toys were a straightforward affair. You purchased one, gave it to your kid as a gift and they played with it. The rise of the internet of things has seen toys move from being merely simple items that aid children in their play, to rather sophisticated pieces of technology. Talking dolls, bears or even baby monitors that comfort or listen to your child might sound very cool or even helpful. But, beneath the shiny veneer of convenience is a degree of risk that every parent ought to consider before getting their child one.

How They Work

The basic premise of interactive toys is that they communicate with your child to create a relationship. To do this, they leverage the internet to collect, process, send and receive data from servers. It sounds just like any other computer, right? Well, that’s because they are the same as your laptop or PC.
Smart toys comprise of the same internal components found in many computers and smart phones. These include:

• Microphones.

• Sensors.

• GPS.

• Cameras.

• Data storage hardware.

When interacting with your child, smart toys might ask them questions about themselves to build rapport. That information is sent to the manufacturer’s servers and includes:

• The area that you live in.

• Your child’s name.

• The school, your child, attends.

• You and your partner’s names.

They then store this personal identifying information (PII) them and use it to target you and your child in future marketing campaigns. Some manufacturers e.g. Genesis toys which sells the talking doll called Cayla, provide this personal information about your child to third parties.

Doing so without clear, parental consent is a clear violation of Section 5 of the FTC Act and the Children’s Online Privacy Protection Act (COPPA) that bans “unfair or deceptive acts or practices in or affecting commerce.”

Is My Child at Risk?

Internet-enabled toys might endanger your child in several ways.

• Child Identity Theft

Smart toys continuously collect data about your child through various means. The microphones record any conversations within their listening range and relay that information. This can include any identifying information your child shares or is mentioned as part of a conversation near the toy. GPS functions in the toy pin point its current location, providing your home address.The information collected through these means and more may be used to steal your child’s identity for unlawful purposes.

• Risk of Exploitation

Children can be overly trusting, and anyone with access to their information e.g. pictures, names, parents’ names, etc. can easily use it to manipulate them.

How Can I Protect My Child?

There are several measures you, as a parent, can take to ensure that you protect your child from undesired and unnecessary risks associated with smart toys.

• Keep Them Updated

If you opt for a smart toy, find out if the manufacturer sends regular updates for its software or firmware. If they do, ensure that the toy is always running on the latest update. New versions of software incorporated in electronics are released to patch any bugs or security issues that have been detected recently.

Not updating it leaves your child at risk of known security exploitations associated with the old software or firmware. If a toy does not receive regular updates, consider replacing it with one that does to avoid unnecessary exposure.Research online to find out if there are any known persistent security issues. Toys that continually fail to offer adequate protection quickly gain a negative reputation among parent communities on the internet. This is handy information to have.

• Use A Secure Internet Connection

Smart toys rely on the internet to function. If the said internet connection is not secure, it is easy for nefarious third parties to hack the toy. The most common type of tactic used is the man in the middle attack. A bad actor interferes with the connection between the toy and the Wi-Fi access point to take control of it. This particular vulnerability has been demonstrated by penetration testers, i.e. ethical hackers who test the security limitations of devices in concert with their manufacturers, to improve them. Ken Munro from Pen Test Partners, exposed security flaws in the smart doll Cayla by hacking her to making her say, “Calm down, or I will kick the shit out of you.”
Use the toy with a verified internet connection. Avoid public Wi-Fi hotspots as they are highly vulnerable to hacks. Find out if the toy encrypts data when sending it to the cloud or Wi-Fi access point, to protect the personal information. When using Bluetooth, add a password or code when pairing.

• Read the Privacy Policy

Smart toys come with long, dense and jargon-filled privacy disclosures and user agreements that can be hard to read. Hidden in this fine print are many things that directly affect your child. You, therefore, need to take time and find out what they contain. Check to see where your child’s data is being stored, if your permission is required to share it with third parties, if you will be notified in case of a data breach, etc.

• Use the Parent App

Certain smart toys come with a companion app for parents. Use this to monitor how your child uses the toy continually. Any anomalous behavior that might cause concern will be easy to spot due to change in behavioral patterns.

Other tips to keep in mind

• Use strong passwords when creating user accounts. Combine lower and upper-case letters with numerals and symbols. Don’t use your child’s date of birth or other such identifiers that are easy to decode.

• Provide the least required information when setting up a user account for the toy. The less data you furnish, the lower the risk of identity theft.

• Turn off the toy when it’s not in use to prevent it capturing data or a third party watching or listening in.

• Adopt software that enhances the security of your home internet network e.g. VPNs to keep your data anonymous in case of a hack. Research online for routers that are known to be less susceptible to external intrusion.

• Take a look at the recently released public warning by the FBI concerning smart toys and security.
Jump to top