Any internet-connected toys that have cameras, microphones, or location tracking may put children’s or parents’ privacy and safety at risk. That could be a talking teddy-bear, a smart car, or a tablet designed especially for kids. With companies pushing the new toys into the market, security safeguards may go overlooked.
“Parents should be aware of what they are bringing home to their children. Once you connect anything to the internet, it may potentially be exposed to cybercriminals. Once they are in, hackers can use the toy’s microphone or camera to hear and see whatever the toy ‘sees’ and ‘hears.’ In some cases, some shady guys from the internet can even talk to children,” explains Daniel Markuson, a digital privacy expert at NordVPN. “The problem of the vulnerability of connected toys isn’t new, but it’s snowballing, as more and more smart toys reach the market every year.”
Lately, expert warnings about the vulnerabilities and threats of smart toys are becoming more common. Just last month, a security flaw was found in the TicTocTrack smartwatch for kids in Australia. This flaw allowed to track children, eavesdrop on them, and even call them. Interestingly, the company behind the GPS smartwatch was backed by one of the Australian regional governments.
And this case is not an exception. Security failures were discovered in such well known and advertised toys as Furby Connect, CloudPets, i-Que Intelligent Robot, and Toy-Fi Teddy.
Official state institutions in various countries have even banned some smart toys. For example, in 2017, Germany’s Federal Network Agency banned ‘My Friend Cayla’ dolls and allowed retailers to sell them only if they disengaged its ability to connect to the internet. The Norwegian Consumer Council gave similar evaluation regarding this toy.
However, the largest known breach that targeted sensitive information about children happened in 2015. A cyber attack on the digital toymaker VTech Holdings exposed the data of over 6.4 million people, mostly children. The hacked data included names, genders, and dates of birth.
Parents can never be too careful when it comes to protecting their child. There are a few basic rules from NordVPN’s digital privacy expert to follow when choosing a smart toy for a kid:
Don’t give away your information. Some toys and games require registration for full playing experience or to provide updates. When registering, be careful about the information you hand over. The developers need your email to let you know about updates, but other information is mostly unnecessary. If, for example, it requires your kid’s birthday, you can always lie a bit.
Use only secure Wi-Fi. Before connecting the smart toy to a Wi-Fi network, make sure it is secure and has a strong password. Connecting such gadgets to a public Wi-Fi network is not advised, as those are easily hackable. By the way, set a password on the toy as well, if it allows that.
Check the chats. Some smart toys allow kids to chat with other children playing with the same toy or game. Be sure to explain to your kid what personal information is and why they can’t share it. From time to time, check the messages to make sure your children are not talking to strangers pretending to be kids. Reputable manufacturers will offer ways for parents to review the stored information.
Power it off when not used. It is advised to power off the smart toy when not used so that it stops collecting data. If the item has a microphone, throw it in a drawer or chest, where it’s harder to record conversations. And toys with a camera can be covered or placed facing a wall.
Report the breaches. If you noticed something unusual or a toy was compromised by a hacker, be a good citizen and always file a complaint to the state authorities. It might not help you, but it will make the internet a safer place for everyone and will press the manufacturer to stop overlooking security safeguards.