As the holidays draw closer, kids are keeping their fingers crossed that they will wake up to the newest and coolest toys the market has to offer. Toy manufacturers are now producing "smart toys" that can interact with kids like never before. Take for example the My Friend Cayla doll. This doll connects to your WiFi network and and can talk and interact with you, play games, share photos, and read stories. Sounds like every girl's dream right? See for yourself how the doll works in this advertisement:
For only $50 you can get this interactive doll for your kids which will not only keep your kids entertained, but also record your kid's voice and possibly record video of your child to sell to advertisers! Wait, what? Yes, this doll is equipped with a microphone and uses Bluetooth to transmit video and audio over the internet. Once this information is recorded, it can be sold to advertisers for targeted advertising. The My Friend Cayla doll has come under scrutiny for its lack of privacy and was actually banned in Germany. It turns out anyone with a smart phone of their own that are within 30 feet of the doll can connect to the doll via Bluetooth and listen and record the conversations between the child and the doll.
If you're not convinced of the threat of smart toys yet, the My Friend Cayla doll is not alone. The I-QUE Intelligent Robot also operates as a "smart toy" and uses WiFi to transmit recorded information, often without parental consent. The truth is that many smart toys are sold with a lack of security measures.
The FBI sent out a consumer notice in July of this year which warns consumers of the security and privacy concerns regarding internet connected toys for children. "The features and functions of different toys vary widely. In some cases, toys with microphones could record and collect conversations within earshot of the device. Information such as the child’s name, school, likes and dislikes, and activities may be disclosed through normal conversation with the toy or in the surrounding environment. The collection of a child’s personal information combined with a toy’s ability to connect to the Internet or other devices raises concerns for privacy and physical safety."
If you are still set on buying your kids a smart toy this season, then you better follow these 10 steps recommended by the FBI:
1. Research for any known reported security issues using online resources from sites that conduct cyber-security research, consumer product reviews, and child and consumer advocacy
2. Only connect and use toys in environments with trusted and secured WiFi Internet access
3. Research the toy’s Internet and device connection security measures
4. Research if your toys can receive firmware and/or software updates and security patches
5. Research where user data is stored – with the company, third party services, or both – and whether any publicly available reporting exists on their reputation and posture for cyber-security
6. Carefully read disclosures and privacy policies (from company and any third parties)
7. Closely monitor children’s activity with the toys (such as conversations and voice recordings) through the toy’s partner parent application, if such features are available
8. Ensure the toy is turned off, particularly those with microphones and cameras, when not in use
9. Use strong and unique login passwords when creating user accounts (e.g., lower and upper case letters, numbers, and special characters)
10. Provide only what is minimally required when inputting information for user accounts (e.g., some services offer additional features if birthdays or information on a child’s preferences are provided).
Make sure Santa is aware of the security concerns this holiday season because clearly some of these toys are dangerous.