When your in-laws give your child a loud toy for the holidays, you know you are going to have to hear it for the next few months. But when that toy connects to the Internet, how can you be sure that you’re the only ones listening?
This holiday season, “smart toys” (Internet or Bluetooth-enabled toys) are some of the most popular toys on the market. A lot of these toys look awesome, including:
- remote control cars that connect with an app and allow you to race against AI controlled cars;
- stuffed animals that play back messages sent from loved one’s smartphones; and
- soccer balls that track your form when you kick them.
Smart toys come with fantastic features, but if left unsecured, smart toys can present a serious privacy risk to those who use them. For instance:
- Hackers could gather the personal messages recorded to play through a grandchild’s teddy bear;
- Strangers could send messages to nearby children by using a toy robot’s Bluetooth feature – putting their safety at risk; and
- Toy companies could use a toy’s microphones not only for voice commands, but to also collect personal information to sell to third parties.
Unsecured smart toys present serious risks to the children who play with them. You wouldn’t buy a toddler a toy that is a choking hazard. You wouldn’t buy a toy with lead paint. So you should make sure you buy smart toys that will keep children safe and respect their privacy.
Unfortunately, security and privacy are hard things to determine from the back of a toy box. Packaging may state a choking hazard, but it is not likely to show if a toy uses strong encryption or will not sell your data. Yet, there are several things you can do to be smart when buying toys this holiday season:
- Read the reviews. Consumer organizations and others review connected devices and toys as part of their buying guides. Mozilla and Which? Both released buying guides for smart toys this holiday season.
- Read the user agreement. User agreements should tell you what data a smart toy collects. They also should tell you who they share that data with. Will they send your child’s data to advertisers or other third parties?
- After you buy it, keep up with updates. Even if a smart toy is secure when you buy it, you have to keep up with updates to keep it secure. When buying a device, make sure it can be updated. Another factor to consider is how long the developer will support the device with updates.
- Ask yourself, does this need an Internet connection or Bluetooth functionality? If you cannot tell if a toy is safe and privacy respecting, it may be better to buy a similar toy without the Internet or Bluetooth functionality.
Shopping smart doesn’t only keep you and the ones you love safer, but also helps send a clear message to toy companies. Security and privacy are too important to be an afterthought. They must take a central role in designing any smart toy.
Every business has to respond to the will of its consumers. If we all shop a little smarter, toy companies will have to wise up to security and privacy too.
Are you a manufacturer wondering how to make your products more secure? See the Online Trust Alliance’s IoT Trust Framework. The Trust Framework provides guidance for device manufacturers and developers to enhance the security, privacy and sustainability of their devices and data they collect.