Connected Toys Are the Weak Security Link

Dec 13, 2016

“Internet of Things” and “smart homes” are the latest trends to see a major upswing in the world today. Notwithstanding a new trend has emerged, and it is in the form of smart toys. Yes, children toys are the latest items to be internet enabled, and allowed for things like predictive behavior so the toys basically “learn” as time goes on as your child interacts with the toy. In addition, some of these toys allow kids to post photos and setup screen names with parental accounts established first. All these toys do require parents to sync with a mobile app on their smartphone or tablet, and register using personal credentials (address, phone number, email) by the parents. Now that these devices are connected the internet, it becomes another avenue for hackers to intercept the transmitted information and use it for their own personal malice. In 2015, hackers breached toy maker Vtech and stole millions of records including real names, birthdates, addresses, and other identifiable personal information leaving users compromised and their personal security at risk.

How many parents out there are internet security professionals along with their kids? Usually none are, however parents need to exercise caution when setting up these smart toys for their children and take the necessary precautions to not only protect themselves, but protect their children as well:

  1. Do your homework first before deciding to purchase that smart toy. Do an online search for the name of the toy and append one of the following words at the end: hacked, security, vulnerability, breach to determine if anyone has reported security compromises with those specific toys.
  2. If possible, make sure the software running on the toys is completely patched and up to date. It is no different than adults purchasing a smartphone, laptop, or tablet. Those are updated first before use, and these toys are no different. There could be the off chance that an update or patch was released well after the toy was shipped to you.
  3. Always review the privacy policy associated with the smart toy before handing it over to your child. This isn’t to replace any other protective measures recommended, but it shows the vendor takes it very seriously.
  4. If the smart toy does connect to Wi-Fi, please make sure access is limited to private secured wireless networks (like select home networks). Never connect the toy to a public Wi-Fi network. Public Wi-Fi networks are often unencrypted, and this is easy access for a hacker to obtain personal data transmitted.
  5. Parents, when registering your child’s toy if necessary, it is ok to use some false information instead of real information like address, date of birth, and even real names (use screen names instead). This way, if the toy does suffer a security breach, they have only retrieved fake information and your personal information is safe.
  6. If possible, ensure the smart toy does not share its location publicly. This is another way hackers can obtain sensitive information when toys “check-in” to places in real time. Although the risk now is very low, this cannot be ignored.
  7. Last but certainly not least, if you can, run a malware scan on the smart toy to ensure the device was not inadvertently loaded with malicious software (called malware). Talk to a security professional if you have any questions about this part, as it can be more complex.

While it seems cool to provide your children with the latest interactive experience with their toys, great caution needs to be exercised to protect their private information and your own. These toys are no longer exempt from the bad guys, and vendors cannot sweep this under the rug since the rules no longer apply to just Internet access anymore.

Just like any mobile App parents may want to use it is important to have restrictions to limit when these connected toys can and cannot be used. Net Nanny provides powerful tools for parents see which Apps their kids are using and create limitations on their use, helping to ensure these “always connected” toys are not “always on”.

Source: ABC News