Some ‘smart toys’ could be a dumb buy
FBI warns items have potential to leak information about children
The acronym IoT has a new meaning — “internet of toys” — and just like the old abbreviation, for Internet of Things, this one comes with urgent cybersecurity warnings.
The FBI is cautioning that internet-connected toys, also known as “smart toys,” can be compromised by hackers.
The FBI’s Internet Crime Complaint Center goes into extraordinary detail in its release, saying strangers can pinpoint your address, snag children’s names and birth dates, download your son or daughter’s photo, and even listen in on your conversations and record your child’s voice.
“The potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks,” the release states.
So what types of toys should parents scrutinize? The FBI and SecurityIntelligence.com highlight several risk factors.
Be cautious if the toy: Connects directly to the internet via Wi-Fi
Connects via Bluetooth to a device which is, in turn, connected to the internet
Contains speakers
Contains microphones Contains a recording device Contains cameras Contains wireless transmitters and receivers
Has speech recognition capability
Has GPS capability
Connects to a mobile app Requests name, address, date of birth or other personal information when you register
Stores your data internally
Sends your data to the manufacturer and/or partners Has cloud connection capability Remains connected to the cloud even when it’s off
Does not come with an End User
License Agreement, or EULA
The cloud storage provider is not identified in the EULA.
Some other internet-connected dolls have come under fire.
In February, Germany banned one called My Friend Cayla and advised parents who already own one to destroy it.
Cayla, made by Genesis toys, contains an internal microphone that criminals could use to listen in on children.
But that’s not all. The Norwegian Consumer Council says strangers could also speak to children through Cayla and demonstrated how it could be done in a well-produced YouTube video.
How available are internet-connected toys?
A quick online search revealed smart toy technology housed in dolls, stuffed animals, dinosaurs, unicorns, teddy bears, stationary bicycles, wrist bands, children’s tablets — and more.
Meanwhile, the FBI suggests parents take several steps to protect their children from the potential dangers of internet-connected toys.
AMONG THOSE STEPS:
1. Look for internet-connected toys that are certified by an FTCapproved group that has verified they protect children’s privacy.
2. Before buying a smart toy, do an online search to see if there have been negative reports or reviews.
3. Read the company’s user agreement and privacy practices and make sure you’re OK with them.
4. Pay particular attention to where your data is stored or sent, including third-party services — and research their reputation.
5. Connect toys only to a secure Wi-Fi access point.
6. If the toy uses Bluetooth, make sure it requires PINs or passwords when pairing with internet-connected devices.
7. Make sure the toy uses encryption when transmitting data to the Wi-Fi access point, the server or the cloud.
8. See if the toy can receive software updates and security patches and, if so, update to the most recent version.
9. Find out if the company will notify you if it suffers a data breach, discovers vulnerabilities in its toy or changes its disclosures.
10. Provide as little personal information as possible when setting up user accounts for the toy.