The Federal Bureau of Investigation released a 2017 public service announcement alerting consumers to the potential dangers of “smart toys,” basically any toy that can connect to the internet. This applies to a range of toys currently on the market that have everything from microphones to cameras to cloud storage of audio, video, and other data collected from users.
The FBI raises concerns about toys negatively impacting your children’s privacy and security.
The features and functions of different toys vary widely. In some cases, toys with microphones could record and collect conversations within earshot of the device. Information such as the child’s name, school, likes and dislikes, and activities may be disclosed through normal conversation with the toy or in the surrounding environment. The collection of a child’s personal information combined with a toy’s ability to connect to the Internet or other devices raises concerns for privacy and physical safety.
Just as an example, imagine a child telling an internet-connected stuffed toy: “And we’re leaving tomorrow for Disney World. No one will be here for a week. I hope you won’t be lonely.” If the parent has provided their address as part of the toy’s “activation” or the toy has GPS capability, potential bad guys know that your house will be empty – perhaps too tempting for robbers.
In moving rapidly to bring internet-connected toys to the market, manufacturers (particularly manufacturers of overseas-produced inexpensive “knock-off” versions of popular toys) might have overlooked proper security measures or not fully complied with the Children’s Online Privacy Protection Rule and Federal Trade Commission’s guidance for these types of technology. For this reason, the FBI has advised parents to be mindful of the implications of poorly secured smart toys and offers several tips for you to improve the security of internet-connected toys:
– Use strong and unique login passwords. This includes changing any default passwords provided by manufacturers. While those passwords may seem strong and unique, manufacturers often assign the same password to all or many devices. Passwords should be changed immediately to ones that only you can possibly know.
– Ensure your toys are running on the most updated versions. Failing to update the device’s software may make it vulnerable to hacking or other problems. You may or may not be automatically prompted to install updates. Kroll recommends changing the device settings to receive automatic updates whenever possible.
Many internet-enabled toys and devices will come with an app that can be downloaded onto a smartphone, giving you control of the device anywhere you can connect to the internet. You need to consider the privacy and security of that app as well as the toy itself. Review the app’s settings and policies carefully for what will be shared and potentially accessed.
If your child grows tired of the toy, be careful when giving it away or reselling it. Your child’s information should be deleted before you discard it. Manufacturers should offer guidance on how to remove your child’s information. Additionally, if your child loses the toy, immediately contact the manufacturer to ask how stored data can be removed.