sb-au logo
Story image

NordVPN: Are kids’ smart toys spying on you?

04 Jun 2019

Any Internet-connected toys that have cameras, microphones, or location tracking may put children’s or parents’ privacy and safety at risk.

That could be a talking teddy-bear, a smart car, or a tablet designed especially for kids.

With companies pushing the new toys into the market, security safeguards may go overlooked.

“Parents should be aware of what they are bringing home to their children. Once you connect anything to the internet, it may potentially be exposed to cybercriminals. Once they are in, hackers can use the toy’s microphone or camera to hear and see whatever the toy ‘sees’ and ‘hears.’

"In some cases, some shady guys from the internet can even talk to children,” says NordVPN digital privacy expert Daniel Markuson.

“The problem of the vulnerability of connected toys isn’t new, but it’s snowballing, as more and more smart toys reach the market every year.”

Lately, expert warnings about the vulnerabilities and threats of smart toys are becoming more common.

Just last month, a security flaw was found in the TicTocTrack smartwatch for kids in Australia.

This flaw allowed to track children, eavesdrop on them, and even call them.

Interestingly, the company behind the GPS smartwatch was backed by one of the Australian regional governments.

And this case is not an exception. Security failures were discovered in such well known and advertised toys as Furby Connect, CloudPets, i-Que Intelligent Robot, and Toy-Fi Teddy.

Official state institutions in various countries have even banned some smart toys. For example, in 2017, Germany’s Federal Network Agency banned ‘My Friend Cayla’ dolls and allowed retailers to sell them only if they disengaged its ability to connect to the internet.

The Norwegian Consumer Council gave similar evaluation regarding this toy.

However, the largest known breach that targeted sensitive information about children happened in 2015.

A cyber-attack on the digital toymaker VTech Holdings exposed the data of over 6.4 million people, mostly children.

The hacked data included names, genders, and dates of birth.

Parents can never be too careful when it comes to protecting their child.

There are a few basic rules from NordVPN’s digital privacy expert to follow when choosing a smart toy for a kid:

Do your research

Before buying a toy, search online for reviews and expert comments and check for any complaints or security issues. Reputable companies will likely explain what information they collect and how they use it. Don’t forget to read the manufacturer’s Privacy Policy and Terms of Service on their website.

Don’t give away your information

Some toys and games require registration for full playing experience or to provide updates. When registering, be careful about the information you hand over. The developers need your email to let you know about updates, but other information is mostly unnecessary. If, for example, it requires your kid’s birthday, you can always lie a bit.

Use only secure Wi-Fi

Before connecting the smart toy to a Wi-Fi network, make sure it is secure and has a strong password. Connecting such gadgets to a public Wi-Fi network is not advised, as those are easily hackable. By the way, set a password on the toy as well, if it allows that.

Check the chats

Some smart toys allow kids to chat with other children playing with the same toy or game. Be sure to explain to your kid what personal information is and why they can’t share it. From time to time, check the messages to make sure your children are not talking to strangers pretending to be kids. Reputable manufacturers will offer ways for parents to review the stored information.

Power it off when not used

It is advised to power off the smart toy when not used so that it stops collecting data. If the item has a microphone, throw it in a drawer or chest, where it’s harder to record conversations. And toys with a camera can be covered or placed facing a wall.

Report the breaches

If you noticed something unusual or a toy was compromised by a hacker, be a good citizen and always file a complaint to the state authorities. It might not help you, but it will make the internet a safer place for everyone and will press the manufacturer to stop overlooking security safeguards.

Link image
Why cloud-scale & automation is an integral part of business strategy
Find out how to rank and prioritise processes for digitisation efforts, and why you should strategically leverage a tool for restoring operations.More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
Video: 10 Minute IT Jams - Who is LogRhythm?
LogRhythm VP of sales for Asia Pacific Simon Howe, who discusses the company's primary offerings and services, what products the company is focused on for the future, and the infrastructure it has in the A/NZ market.More
Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
Experiencing ransomware significantly impacts cybersecurity approach
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness."More