All you parents out there, the FBI has a warning for you. Interactive toys that connect to the internet are more popular than ever, and understanding the privacy and security risks they bring is anything but child’s play.
The Bureau’s Internet Crime Complaint Center (IC3) has issued a consumer notice on its website. Its aim is to encourage “consumers to consider cybersecurity prior to introducing smart, interactive, internet-connected toys into their homes or trusted environments.”
Many of these high-tech toys can carry on a conversation, which requires a microphone. It’s very possible — even likely, the IC3 says — that those mics could be listening to any, not just playtime, chatter. If the toys hear something, there’s a good chance they’re also transmitting that data to a remote server.
That’s not necessarily a bad thing, but it is a cause for concern. Parents should verify that whoever is handling that data has the proper security and privacy safeguards in place.
Another risk the IC3 wants parents to be aware of is that personally identifiable information (PII) about their children could be collected. If a connected toy happens to leak details like the child’s name, physical address or phone number, that creates an opportunity for identity theft. Leaked GPS data (say, on geotagged photos that are uploaded) could allow someone to pinpoint your child’s physical location.
The IC3 offers several tips for ensuring that your children remain safe when they’re playing with connected toys. The full list is well worth reading, but a few key points are:
- Only connect and use toys in environments with trusted and secured Wi-Fi internet access
- Closely monitor children’s activity with the toys (such as conversations and voice recordings) through the toy’s partner parent application, if such features are available
- Carefully read disclosures and privacy policies
It may be difficult for some parents to believe that simply playing with toys could have such disastrous consequences, but the risk is very real… and the leaks are already happening.
One U.S. toy maker was caught leaking all kinds of data — including private photos — of the kids that played with their toys. In February, the German government took the extraordinary step of banning an internet-connected doll over concerns that it could be hacked and used to spy on children. Kids’ gadget maker VTech has dealt with its fair share of incidents, too.