We have been writing for a while about the grievous lack of security on Internet-connected “smart” appliances, web cameras, baby monitors, door locks, thermostats, personal assistants, Wi-Fi, Cable, and DSL routers, and other devices. This lack of security extends to children’s toys as well.
Due to the lack of security and privacy standards for children’s toys, and the usual rush to market by toy manufacturers who are motivated more by profit and any concern over security, a recent study uncovered a number of Internet -connected toys with serious security issues. These include:
- Kid’s conversations being collected by the device and store in the cloud.
- The absence of encryption on the data stored by these devices.
- Bluetooth and Wi-Fi flaws that would allow an outsider to connect to certain toys.
Toys included in this report as insecure included:
- Furby Connect
- i-Que Intellegent Robot
- Toy-Fi Teddy
Some toy makers are being sued by the United States for violating COPPA (the Childrens’ Online Privacy Protection Act of 1998) for failing to disclose to parents’ that their kids conversations and personal data collected by the toys are being stored on servers and sold to third-party marketing companies. You may want to give a second thought to purchasing that cool new connected toy for Christmas. How a bout a nice collection of Legos instead?