The FBI yesterday released a public service announcement (PSA) alerting parents to the dangers potentially imposed by smart toys.
Early this year, security researcher Troy Hunt, reported that a series of web-connected, app-enabled toys called CloudPets have been hacked. The manufacturer’s central database was reportedly compromised over several months after stunningly poor security, despite the attempts of many researchers and journalists to inform the manufacturer of the potential danger. Several ransom notes were left, demanding Bitcoin payments for the implied deletion of stolen data.
The FBI document warns that connected toys with microphones, GPS tracking, Wi-Fi, and/or bluetooth connectivity could be giving criminals access to private information about children and their families. This could lead to identity theft or worse:
The exposure of such information could create opportunities for child identity fraud. Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.
There are valid concerns about security here – everything else that connects is being attacked or hacked. It follows that toys aren’t going to have better protections than banks or government buildings. The FBI encourages parents to educate themselves:
Security safeguards for these toys can be overlooked in the rush to market them and to make them easy to use. Consumers should perform online research of these products for any known issues that have been identified by security researchers or in consumer reports.
Unless we start tossing out tech and buckling down on being old-fashioned, our kids are going to have connected toys and learning devices. We love gadgets. A little risk management goes a long way, and research is a parent’s best tool.
The FBI suggests parents conduct searches to determine if there have been any reported security risks with products. The PSA also directs consumers to ensure devices have up-to-date firmware and patches. Perhaps most importantly: parents should make certain they are monitoring children’s activities with smart toys.