• Skip to main content
  • Skip to primary sidebar
Scambusters
menu icon
go to homepage
search icon
Homepage link
  • Get Our Weekly Scambusters Newsletter
  • Advice
  • Avoiding Scams
  • Scammer Techniques
  • Identity Theft
  • Consumer Help
  • Phishing
  • Bank
  • Phone
  • Urban Legends
×

Smart Toys Pose Threat to Child Privacy and Security

Smart Toys

Some smart toys record what your kids say, others are open to hacking: Internet Scambusters #751

Interactive smart toys are a great way to educate and entertain children.

But some of them may be "smarter" than you think -- by recording what your kids say and sending the conversations back to the toymaker without your permission.

In other cases, some smart toys could be used by hackers, as we explain in this week's issue.

Now, here we go...


Smart Toys Pose Threat to Child Privacy and Security


Smart toys, which interact with their young owners, are all the rage these days, and we can only imagine that their popularity is going to continue to rise.

This year's New York Toy Fair was full of them and experts say the market will be worth $8.8 billion within three years.

But these toys carry a very real threat to privacy, which is likely to grow alongside their popularity.

If you're a parent or concerned about protecting other children in your family, you need to know what's happening and how to take steps to protect their privacy.

We've already written in the past about the so-called Internet of Things (IoT), which connects many different types of appliances to the Internet, making them potentially vulnerable to hackers: How the Internet of Things Threatens Your Security.

And we've warned you about smart TVs that can monitor their owners' viewing and send reports back to their manufacturers: How to Prevent Your TV Spying on You.

But in the latest development of this trend, it's been discovered that some interactive talking dolls can capture information about the kids who play with them -- "spy toys," as one consumer site called them.

More Scam Reports:  Cash for Clunkers Scams Flourish Amid Confusion

In one case, conversations were allegedly recorded, translated to text by voice recognition software, and then sent back to the toymaker for analysis, supposedly so that the interactivity could be refined and made more effective.

On the face of it, improving functionality seems not unreasonable, but who's to say what else might be recorded and used?

In another case, reported by the technology website CNET, 2.2 million voice messages between children and their parents via web-connected stuffed animals have been exposed on a website.

"The account information of more than 800,000 users, which included email addresses and easily guessed passwords, was stored on an online database that could be viewed by anyone -- no password required," added CNET.

Security experts claim that the site on which these details, and even some photos, were stored was accessed by hackers who held its contents for ransom. This allegedly happened not once, but twice, and the compromised database is now said to be circulating on the dark web -- the part of the Internet used by crime groups.

CNET went on to list a number of other toys that it said were vulnerable to hackers, some produced by well-known, leading manufacturers.

Several companies involved were later said to have changed their security arrangements.

Two Privacy Worries

So, there are two privacy worries here:

First, there's the possibility of manufacturers getting access to personal information from children without the consent of parents.

This may be an infringement of COPPA -- the Children's Online Privacy Protection Act.

More Scam Reports:  10 Ways To Protect Yourself From Robotext Spam

And second, there's the chance that information, even if it's collected with parents' consent, could be vulnerable to hack attacks.

As with other IoT devices, there's also the possibility that hackers may be able to gain direct access to some toys.

Though there's no evidence this has happened yet, one security researcher who discovered the ransom incident said the stuffed animals could easily be turned into remote surveillance devices.

"Anyone within range --10 meters with a normal smartphone -- can just connect to it," he was reported as saying. "Once you're connected you can send and receive commands and data."

You can actually see a one-minute video demonstration of this hack in action here:

What Can You Do?

Is there anything you can do to protect children against this type of vulnerability?

Sadly, at the moment, the answer from a technical viewpoint is “No."

However, being aware of the risk is your first line of defense.

As Motherboard, one of the security websites that exposed the dangers, commented: "(I)f you are a parent who doesn't want your loving messages with your kids leaked online, you might want to buy a good old-fashioned teddy bear that doesn't connect to a remote, insecure server."

That's too simple an answer. As we said earlier, interactive toys and even personalized robots are going to become very much a part of our lives in the coming years.

IoT product makers are being urged to toughen up on their security and at least one complaint about the talking dolls has been filed with the Federal Trade Commission.

More Scam Reports:  SCAMMED! Don't Let What Happened To These Victims Happen To You

In the short term, the best practical solution is for parents to fully audition the interactivity of toys and to let children use them only in their presence.

This may sound a bit like science fiction to you -- we certainly understand that. But the risk of smart toys being smarter than we think and smarter than they should be is here with us today, and here with us to stay.

In the longer term, this isn't just an issue for kids. If you use any kind of listening device, you should be aware that most of them also save voice data. In one recent, serious court case, there was a debate about an Amazon Echo device being a potential witness to an alleged murder.

So, whether it's a smart toy or a smart assistant, remember that old wartime saying -- "Walls have ears," although, in this case, just about everything has ears. So be careful what you say!

Alert of the Week

Let's stay with this week's subject about smart-device spies.

Consumer magazine Consumer Reports has recently published a guide: How to Turn Off Smart TV Snooping Features.

Everyone with an interactive TV should read this.

That's it for today -- we hope you enjoy your week!

« How Rent-to-Own Deals Can Lead to a Scam
Cash for Keys Squatters Hold Homes for Ransom »

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Search For Scam Info

Popular

  • teenager safety online
    Protect Your Teenager from Being Targeted Online
  • real estate scams
    Buyer Beware: Real Estate Scams and How To Avoid Them
  • public assistance
    Public Assistance Scams: How to Protect Your Benefits
  • online gaming
    Online Gaming Scams Exploit Your Children – What You Need to Know to Protect Your Kids (And You!)

Footer

↑ back to top

About

  • Privacy Policy
  • Terms & Conditions

Newsletter

  • Sign Up! for emails and updates

Contact

  • Contact

Copyright © 2024 Scambusters.org and Breakthrough Consulting, Inc.