Thinking of buying some high-tech internet-connected toys for your little ones this holiday season? Maybe think twice.
Toys have gradually become more advanced and technology-oriented in recent years, from mini kid tablets to smart, talking Barbie dolls. While many of these toys offer exciting features like speech recognition, the additional technology can also lead to vulnerabilities.
For example, in February 2016, a Fisher-Price smart Wi-Fi-connected teddy bear was discovered to possess security flaws that allowed hackers to steal a child's name, birthday, and gender, according to The Guardian. Security researchers have pointed out that the bugs were simple and should not have slipped through.
Similarly, an estimated 6.3 million children's accounts and 4.9 million parents' accounts were affected in a 2015 database hack. Email addresses, names, and passwords were leaked from a database for VTech, a toy maker that produces electronic devices. The leak also included photos of children and parents and chat logs, according to Motherboard by Vice.
Critics are concerned both about the risks to privacy, as well as the potential for exploitation, marketing, and predation. Toy companies may be less concerned and rigorous about the security of their gadgets than necessary, which allows for holes where hackers can siphon off kids' data.
Some companies have taken steps to ensure toy security. Hello Barbie, a Wi-Fi connected talking doll from Mattel and ToyTalk, can tailor conversations based on a child's past play with the toy. ToyTalk launched a "bug bounty" program in 2015, to encourage hackers to find and report problems in the system, the San Francisco Chronicle reported.
What can you do? If you're buying these toys for Christmas, be aware of the data that is sent, and make sure to limit and secure it, if possible. Set up passwords judiciously. Monitor the content your children share with their tech toys, such as conversations recorded by a smart doll. Don't leave the technology in the toy always turned on, if possible.