Be­ware the hol­i­day ‘smart toys’ that spy on your kids

Lodi News-Sentinel - - BUSINESS - By Chris­tian Hetrick

Chil­dren talk to their toys as if they’re re­ally lis­ten­ing, some­times con­fid­ing in dolls and stuffed an­i­mals.

Now toys are ac­tu­ally lis­ten­ing. And re­mem­ber­ing.

This hol­i­day sea­son, shop­pers can buy “smart toys,” in­ter­net con­nected play­things equipped with mi­cro­phones, cam­eras, and the abil­ity to col­lect reams of data about chil­dren.

Con­sumer ad­vo­cates warn the toys pose pri­vacy and se­cu­rity risks for kids. Se­cu­rity ex­perts have shown smart toys can be eas­ily hacked, and toy mak­ers have taken heat for ma­jor data breaches and shar­ing per­sonal in­for­ma­tion with third par­ties. Ex­am­ples in­clude a doll banned in Ger­many for record­ing chil­dren and a teddy bear with a hack­able cam­era.

Smart toys seem­ingly come to life uti­liz­ing “In­ter­net of Things” (IoT) tech­nol­ogy that has wire­lessly con­nected cof­feemak­ers, ther­mostats, and yes, toi­lets. But smart toys have proven to be par­tic­u­larly vul­ner­a­ble to cy­ber at­tacks. Man­u­fac­tur­ers try to keep toy prices low and lack an in­cen­tive to add rea­son­able se­cu­rity mech­a­nisms, said Kayne McGladrey, mem­ber of the In­sti­tute of Elec­tri­cal and Elec­tron­ics En­gi­neers, the world’s largest tech­ni­cal pro­fes­sional or­ga­ni­za­tion.

"Toys are ba­si­cally the poster child for bad se­cu­rity in IoT,” said Bree Fowler, cy­ber­se­cu­rity ed­i­tor at Con­sumer Re­ports. “Nest and Google, they have huge se­cu­rity de­part­ments. They can ac­tu­ally sink some cash into se­cu­rity when they build things if they choose to. Toys don’t re­ally have that back­ground. They’re not tech com­pa­nies.”

The FBI warned con­sumers last year that smart toys raise “con­cerns for pri­vacy and phys­i­cal safety” of chil­dren. The po­ten­tial risks range from hack­ers eaves­drop­ping on kids to steal­ing a child’s iden­tity. The min­ing of sen­si­tive data such as GPS lo­ca­tion, pic­tures or videos, and known in­ter­ests all could aid kid­nap­pers, the FBI wrote.

In Jan­uary, the Hong Kong­based elec­tronic toy maker VTech agreed to pay $650,000 to set­tle charges by the Fed­eral Trade Com­mis­sion after a data breach ex­posed the per­sonal in­for­ma­tion of mil­lions of par­ents and chil­dren, in­clud­ing names, gen­der, birth dates, and email ad­dresses. It was the FTC’s first chil­dren’s pri­vacy and se­cu­rity case in­volv­ing con­nected toys. And kids might not know the full ram­i­fi­ca­tions of smart-toy data breaches un­til they ap­ply for loans later in life and learn their iden­tity has been stolen, ex­perts said.

Last year, Ger­man of­fi­cials la­beled an in­no­cent-look­ing smart doll, My Friend Cayla, an il­le­gal “es­pi­onage de­vice” and asked par­ents to dis­able it. The blond, child­like doll recorded con­ver­sa­tions, trans­lated them to text, and shared data with third-par­ties, ac­cord­ing to a com­plaint filed in 2016 by con­sumer groups.

This went on de­spite the toy’s as­sur­ances that it would keep things con­fi­den­tial. If you asked the Cayla “can you keep a se­cret?” the doll said: “I prom­ise not to tell any­one; it’s just be­tween you and me.” The man­u­fac­turer, Ge­n­e­sis Toys, which is in­cor­po­rated in Hong Kong and head­quar­tered in Los An­ge­les, did not re­turn a re­quest for com­ment.

In­ter­net-con­nected smart toys are grow­ing in pop­u­lar­ity, with the $6 bil­lion mar­ket ex­pected to ex­pand to $18 bil­lion by 2023, ac­cord­ing to Ju­niper Re­search.

Fed­eral law re­quires com­pa­nies to get parental per­mis­sion be­fore col­lect­ing and shar­ing data of chil­dren un­der 13. The Chil­dren’s On­line Pri­vacy Pro­tec­tion Act also man­dates clear pri­vacy poli­cies. It gives par­ents ac­cess to their chil­dren’s data, and en­ables par­ents to have the per­sonal in­for­ma­tion deleted, among other rules.


Ger­man of­fi­cials have called the My Friend Cayla doll an il­le­gal "es­pi­onage de­vice" and have asked par­ents to dis­able it.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.