Connected toys are great fun and very dangerous
Some games and toys are security nightmares. We aren’t talking about sharp edges, toxic materials or small parts, but hacking and targeted marketing.
The rise of the “Internet of Things” conquered the toy market from the very beginning. Stores and e-commerce sites all promote these toys of the future, which will apparently be more fun and offer wider functionality and greater security. But reality calls for a little more caution.
Cuddly toys, robots and apps keep a close eye on your children and gather information about them. They can also be used as backdoors by hackers. Here’s how to protect your children and your network.
Strangers can communicate with your children
The first flaw in these connected toys is the lack of authentication when connecting with a smartphone or tablet via Wi-Fi or Bluetooth.
This means that anyone who downloads a free app and connects to the toy in question is able to communicate with your child. In 2015, it was discovered that Hello Barbie, a connected Barbie doll connected automatically to unsecured Wi-Fi networks called “Barbie”. Anyone who configured a Wi-Fi network with that name was therefore able to communicate with children.
In 2017, security researchers established that the same thing could happen via Bluetooth with other toys such as Toy-Fi Teddy, I-Que Intelligent Robot and Furby Connect.
The same year, other security researchers hijacked a smart toy and used it to place an order via an Amazon Echo smart speaker in the same room.
Your children are being watched
Toys’ ability to watch children can be scary. Some stuffed animals only record a period of activity or a location, while others are able to store photos or listen to and answer a child’s questions.
These toys connect wirelessly with online databases to recognise voices and images, identify children’s requests, commands and questions. It is claimed that they offer a new play experience or that they help teach reading, writing or social skills.
The problem with these connected toys is that they raise privacy issues. This is particularly scary given children's vulnerability and innocence. To protect your child’s privacy, take time to check what information is collected and how it will be used.
Just as Facebook shared its users’ data with Cambridge Analytica, toy manufacturers could also share the information they collect about children with other companies.
Data could also flow the other way, with toys being used to advertise third-party companies based on the child’s preferences.
The company that produced the My Friend Cayla doll, for example, tried its hand at product placement by making the doll talk about its favourite Disney movie.
What can parents do?
The best thing to do is to stay informed about these various risks. Keeping a watchful eye will make you more able to assess the capabilities of connected toys, how they work and the security and privacy settings they allow.