Creepy toy stories are usually reserved for Halloween and the occasional Tim Burton film. But this past holiday season we have been made aware of a few extraordinary toys that can be very dangerous to our children’s privacy. That is, on top of all the other tech toys that have already widely circulated. We are reminded of the Furbies that “learned” to speak, the Talkboy recording device, and many more. But today we have technologically advanced toys that are posing a real threat to privacy that even your VPN will not be able to control.
Are Tech Toys Safe?
VTech Kids, a very prominent toy manufacturer, was hacked in November. The data that was accessed revealed a lot of information about their kid customers. Details include their parent’s names, home and email addresses, IP addresses, and account passwords and security questions. The kids’ names, genders, birthdays, photos and site behavior data were also leaked. That’s some scary stuff. And this is the first danger that we want everyone to be alerted to regarding tech toys. Online accounts are not safe from hacks, even when we do our best to choose secure passwords and use only encryption protected sites and privacy tools. In the VTech breach, about 11 million parent and child accounts were hacked, giving the attackers access to the Kid Connect platform where children go to chat with parents and get new content.
Another example is the Hello Kitty hack that happened around the same time. The sanriotown.com online community was used to access kids’ accounts on the related websites hellokitty.com, hellokitty.com.my, hellokitty.com.sg, hellokitty.in.th, and mymelody.com. Similar data was stolen in this breach that happened because of poor security practices and improper database setup. The Hello Kitty sites do not use authentication technology that can protect user accounts from being hacked, subjecting them to an inflow of phishing and other scams.
Toy companies like VTech are trying to build rapport with the new, connected, generation. This means that they are building rapport through online channels, and are therefore collecting a lot of data that way. They are also sharing this data with third parties to improve their marketing strategies to make them more interesting to kids.
Many companies in the tech industry have better security policies, but this does not include toy stores, even those that focus on tech toys. IT companies have a lot more experience with online security, and they face a lot more pressure to prove that they prioritize security. But toy companies are only now being placed in that spotlight. Kids and their parents are also not focused on security when they are dealing with toys. Toys are supposed to be all about fun, basically harmless. But tech toys are posing a real threat to people, as you will see from the examples below of possibly the creepiest toys – perhaps aside from clowns and that cymbal monkey that gives us nightmares.
A Closer Look at These Creepy Toys
The first creepy tech toy in our spotlight is the Hello Barbie. This newest creation from Mattel can hold a conversation with kids. The talk is transmitted over WiFi to Artificial Intelligence servers. This is how the toy can respond appropriately. But all that talk is being recorded and kept on these servers, probably for further analysis to improve the AI system. But what happens when this data is leaked? The conversations of an unknown number of kids and their Hello Barbies are exposed. This actually already happened, and it wasn’t even a difficult hack. Attackers could breach home WiFi security through the doll’s mobile app, which is connected to the AI cloud storage. This allowed attackers to control other connected devices tough the breached WiFi. Spying on kids’ talk is creepy enough, but then everyone else in the house is now also in danger.
We also have the Smart plush toys in bear and monkey variety that don’t send audio files to the cloud but are still record speech to be interactive with kids. The toy does, however, receive updates from a server as a way of “learning” new things to do. It then records how much a child participates in each of these activities. There’s a ton of marketing data up for grabs right there, and these monkeys and bears are grabbing it.
The above are just two of the many new tech toys being sold these days. Many others like tablets for kids have been around for much longer. Some of these were affected in the VTech hack. All of these tablets are connected devices that can leak a lot of your children’s information to manufacturers, marketers, other third parties and even cybercriminals.
Protect Your Kids
Every kid wants a smart toy, but parents have to acknowledge the risks involved. These toys are putting kids’– and the whole family’s – privacy in danger. Moreover, their digital and physical security is also at risk. The types of data that are being stored and stolen can lead to additional hacks and scams that target financial information and identity theft. For kids, this is a big deal because parents rarely check up on their kids’ credit ratings. They could grow up and find their reputations ruined before they are able to earn any. Online harassment and abuse is also a huge threat. There is a lot of cyber bullying and sexual abuse happening right now. Physical addresses are also exposed, putting everyone at risk of home invasion and kidnapping.
Parents need to be wise about choosing to buy a smart toy for their children, and researching it to make sure the company has strong protections. They should also be wise about how the company communicates with kids and how these avenues can be manipulated. The home network and devices should also all be protected by security software and privacy tools like VPNs to mitigate the threats posed by connected devices.
