If your toy can spy, here’s how to know and what to do
The toys your kids unwrap this Christmas could invite hackers into your home.
That warning comes from the FBI, which said this year that toys connected to the Internet could be a target for crooks who may listen in on conversations or use them to steal a child’s personal information.
The bureau did not name any specific toys or brands, but it said any Internet-connected toys with microphones, cameras or location tracking may put a child’s privacy or safety at risk.
If you decide to let a kid play with it, there are ways to reduce the risks:
Before opening a toy, read reviews to see if there are any complaints or past security problems. If there have been previous issues, you may want to rethink keeping it.
Reputable companies will also explain how information is collected from the toy or device, how that data is stored and who has access to it. Usually that type of information is found on the company’s website, typically under its privacy policy. If you can’t find it, call the company. If there isn’t a policy, that’s a bad sign.
“You shouldn’t use it,” said Behnam Dayanim, a partner at Paul Hastings in Washington, and co-chair of the firm’s privacy and cybersecurity practice.
Companies can change their privacy policies, so read them again if you’re notified of a change.
Make sure the Wi-Fi the toy will be connected to is secure and has a hard-to-guess password. Weak passwords make it easier for hackers to access devices that use the Wi-Fi network. Never connect the toy to free Wi-Fi that’s open to the public. And if the toy itself allows you to create a password, do it.
When the toy is not being used, shut it off or unplug it.
And if the item has a camera, face it toward a wall or cover it with a piece of tape when it’s not being used. Toys with microphones can be thrown in a chest or drawer where it’s harder to hear conversations, Brill said.
You should register the toy; a software update may fix security holes, and you don’t want to miss that fix, says Brill.
But be stingy with the information you hand over; all they need is contact information to let you know about the update. If they require other information, such as a child’s birthday, make one up. “You’re not under oath,” said Brill. “You can lie.”
If the toy or device allows kids to chat with other people playing with the same toy or game, explain to children that they can’t give out personal information, said Liz Brown, a business law professor at Bentley University in Waltham, Mass., who focuses on technology and privacy law.
Discussions are not enough: Check the chat section to make sure children aren’t sending things they shouldn’t be, Brown said. People could be pretending to be kids to get personal information. “It can get creepy pretty fast,” said Brown.
If a toy was compromised by a hacker, the FBI recommends reporting it through its Internet crime complaint center at www.ic3.gov.