Merry Christmas - The Internet of Insecure Toys

Are the toys you are buying for your kids hackable? Can anyone listen in or have a conversation with your kids via an Internet-connected toy?  Sorry, but the answer is “yes.”

We have been writing for a while about the grievous lack of security on Internet-connected “smart” appliances, web cameras, baby monitors, door locks, thermostats, personal assistants, Wi-Fi, Cable, and DSL routers, and other devices.  This lack of security extends to children’s toys as well.

Due to the lack of security and privacy standards for children’s toys, and the usual rush to market by toy manufacturers who are motivated more by profit than any concern over security, a recent study uncovered a number of Internet-connected toys with serious security issues.  These include:

  • Kids’ conversations being collected by the device and stored in the cloud.
  • The absence of encryption on the data stored by these devices.
  • Bluetooth and Wi-Fi flaws that would allow an outsider to connect to certain toys.

Toys identified in this report as insecure included:

  • Furby Connect
  • i-Que Intelligent Robot
  • Toy-Fi Teddy
  • CloudPets

Some toy makers are being sued by the United States for violating COPPA (the Children’s Online Privacy Protection Act of 1998) for failing to disclose to parents that their kids’ conversations and personal data collected by the toys are being stored on servers and sold to third-party marketing companies.  You may want to give a second thought to purchasing that cool new connected toy for Christmas.  How about a nice collection of Legos instead?



About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
