Toys have changed a lot in modern times. More and more kids are now playing with toys that connect to the internet, record audio and capture video. Some toy makers request that parents and kids sign up for accounts by giving personal information ranging from names to birth dates.
“These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed,” the FBI warned in a recent public service announcement aimed at protecting kids and families from potential security breaches tied to smart toys.
The FBI cautioned the public about child identity fraud: “Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.”
Tip within a tip: Smart toys may pose a risk to your kids’ privacy, but what about your own privacy and that of your entire family? If you’re not taking the right steps to secure these devices, your private Wi-Fi network could be a prime target for hackers. Click here to see how your smart gadgets could be spying on you right now.
The FBI offers up a series of safety tips for parents who plan to buy an internet-connected smart toy. It all starts with an online search for any known security issues. The FBI encourages families to find out what security measures the toy offers, such as if it requires a code when pairing through Bluetooth, or if the toymaker offers security updates or patches if necessary.
Here are more smart toy tips from the FBI:
Only connect and use toys in environments with trusted and secured Wi-Fi internet access. This means your secure home network should be OK, but you might not want to use a public network at a cafe.
Install any available software updates or security patches. You should be able to find this information from the toy maker’s website.
Monitor your child’s use of the toy. Review any audio or video recorded by the device.
Turn off the toy when not in use, especially if it has microphones or cameras, so it doesn’t unintentionally pick up sound or video.
Use a strong password. This is a good tip for any piece of technology, but it’s also important when dealing with connected toys. Use a mix of upper and lowercase letters, numbers, and special characters. Check out these proven tricks for creating solid passwords.
Minimize the sharing of personal information. This applies to setting up a user account associated with a smart toy. Avoid sharing details like birthdays or a child’s personal preferences.
This may seem like it takes the fun out of toys, but we’ve already seen some security breaches tied to connected gadgets for kids, notably when hackers stole information from California company Spiral Toys, maker of CloudPets toys, and demanded a ransom in early 2017.
There are laws in place designed to protect children, notably The Children’s Online Privacy Protection Act (COPPA). COPPA was recently updated to apply to connected toys and other products that collect a child’s personal information, including voice recordings or GPS locations. Previously, it primarily applied to websites and mobile apps. Parents who believe a toy or their child’s information has been compromised can report it to the FBI’s Internet Crime Complaint Center (IC3).