Sensors inside kids’ toys could be putting their privacy and even safety at risk.
Toys that are designed to be interactive don’t usually carry their processing power onboard. Instead they have a basic interface that connects back to HQ via wifi or Bluetooth to deliver their lines or make their karate chop actions. Basically, think a Chromebook with extra bright blue fur.
Trouble is that in order to work, they have to connect their every conversation with your kids with MegaCorp HQ.
Which would be fine except for two things.
- Those communications are a major target for crime.
- The corporations themselves can’t be trusted with the data they generate.
Now, before you suggest I tighten up my tinfoil hat and go out to look for Nessie again, this isn’t a whacko conspiracy theory.
It’s just that the real world is now so whacko that a simple description of it sounds exactly like paranoid ramblings. I remember the good old days, when if someone thought the government was trying to use the furniture to read their mind, they were definitely not correct…
Let’s take point 1, since I spend so much time hammering away at point 2 elsewhere.
Criminals are using toys to read your kids’ minds
Hackers can intercept the data from interactive toys just like any other data streams. And since it costs, oooh, 25¢ extra to make these toys even remotely secure, they aren’t.
In many cases the Bluetooth connections aren’t even password protected, meaning that researchers ‘did not need a password, pin or any other authentication to gain access.’
In fact, reports the Guardian, ‘little technical knowhow was needed to hack into the toys to start sharing messages with a child.’
Even without that particular horrorshow, they nearly all have appalling data security. Internet traffic from these devices is sent unencrypted.
The result is that hackers can pick up these data streams and turn them back into voice conversations – just like happens at Mattel HQ or wherever.
Then, they can use them to find out personal information about a child. Or hear something like ‘I can’t wait to go on holiday tomorrow!’ and suddenly they know the perfect time to come round to your house and fill up the van.
Crime prevention advice from the FBI: ‘Um…’
The Feebs aren’t really too sure what to do about this. Their advice is to read up online before you buy an interactive toy or let your kids play with one, and turn it down if it has known issues or online reviews flag it as dangerous.
Which sounds a bit like ‘let the buyer beware,’ and a bit like you’re not going to know there’s a problem until it’s too late. After all, how many reviews online were there about the recent Facebook data breaches? None. Users had no idea. It took investigative journalists to find that one out.
Other recommendations include using secure wifi, powering the toy down when not in use and providing false information when you register the toy to receive updates.
Hey kids, let’s chat
More worrying still is that many toys now allow kids to voice chat with other users of the same toy.
Nothing creepy ‘bout that.
In this case, the Bureau draws upon its decades of high-level criminal investigative experience to recommend that your kids not tell people anything about themselves.
Honestly: does that sound likely to you? Every child I’ve ever met has had one preferred topic of conversation: themselves. Manipulating that preference to encourage revelation of potentially dangerous personal information sounds like the most trivially easy piece of nastiness I can think of offhand.
‘Potential misuse of sensitive data’ from GPS, cameras and mics
Then there’s all the fun stuff these toys do all by themselves: GPS, data storage, speech recognition, and more, in addition to cameras and microphones.
Says the FBI’s Internet Crime Complaint Center:
‘The exposure of such information could create opportunities for child identity fraud. Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.’
Boy, could it.
And let’s not forget the pathetic insecurity of the communications these things engage in. They could leak wifi and other passwords, home addresses and more, because their communications aren’t encrypted at all.
So when data insecurity comes for your kids, what should you actually do?
Crime prevention advice from me: ‘Um…’
Well, first, I’ve been pretty tough on the FBI in this post so far. But they have a hard row to hoe here. The only way to actually overcome the safety threats inherent in these toys is not to have them in the house.
That’s true wherever you live and whatever toy we’re talking about. It’s true for Amazon Echos and other voice search tools too.
I can’t stress this enough: these are creepy little spy robots, not toys, and they’re not safe and they never will be.
Granted that some people will insist on using them, the best advice is ‘try to be careful while you’re being careless.’
But if you’re going to use them, get a VPN on your home router so that all your internet traffic is anonymized and encrypted. That makes it harder for third parties to steal information. And like the FBI advises, lie about how old you are, how old your kids are and where you live. Muddy the trail.
Here’s a solid selection of VPNs to use to make yourself and your family a little safer.
"A speedy VPN that's very easy to use and covers basic privacy needs well enough"
- Excellent available variety of servers
- Servers are fast and secure
- Offers six connections
- Safe Wi-Fi Protection
- Loads Websites 3 To 5 Times Faster
- No Logging