On July 17, the FBI issued a warning to parents that internet-connected toys could pose privacy risks to children
On Monday, the FBI released a public service announcement that smart toy sensors such as cameras, microphones, and GPS trackers raise concerns regarding the privacy and physical safety of children.
“These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed,” the FBI warns. It also says you should switch them off when they’re not being used.
Sensors inside the toys include GPS, data storage, and speech recognition components, all which could be used to exploit kids.
The announcement also highlights that these internet-connected, or “smart,” toys can collect children’s personal information, such as a child’s name, school, preferences, and activities when conversing with the smart toy or talking near it. “In some cases, toys with microphones could record and collect conversations within earshot of the device. Information such as the child’s name, school, likes and dislikes, and activities may be disclosed through normal conversation with the toy or in the surrounding environment,” it says.
Security experts have repeatedly warned about the dangers of IoT security laziness, and as the FBI announcement explains, “Security safeguards for these toys can be overlooked in the rush to market them and to make them easy to use.”
Andrew Newman, the CEO of Reason Core Security, says, “As the digital attack surface continues to expand, thanks to the explosion of internet-connected devices, it’s easier than ever to lose sight of what’s running on our networks. The scary part is that these devices aren’t being developed with security in mind, which leaves lots of room for vulnerabilities. Attackers are fully aware of this reality and scan networks for vulnerable device connections.” He adds that, “When it comes to IoT, the onus of security is likely going to fall on the consumer at least to some degree and therefore increase awareness and visibility is key to staying secure.”
What should you watch out for as a parent?
There have been numerous incidents of poorly secured internet-connected toys exposing children and parents to privacy risks. CloudPet, Hello Barbie, and hereO Watch have all compromised children’s privacy.
Here are some tips on what the parents out there can do before purchasing an IoT, smart or Internet-connected device.
First, if you can, we would recommend completely avoiding these kinds of smart toys. But if you have already bought smart toys for your kid, you should do the following:
- examine the firm’s user agreement disclosures and privacy practices.
- understand where the data are collected and stored.
- if collected, understand where it’s been sent.
Also, scour these policies for references to third parties that a company may disclose to. A toy’s data may go farther than you think. Try to do some other research to find out if the company that makes a certain toy has a history of data breaches, and what its policy is about data loss.
Parents should further make sure that:
- the device firmware is updated.
- their PCs are properly protected.
- the Wi-Fi is secure.
And finally, when those smart toys aren’t in use, turn them off.