The Federal Bureau of Investigation has recently issued a Public Service Announcement (PSA), encouraging consumers—parents, in particular—to think twice before purchasing internet-connected toys. Smart toys and entertainment devices for kids are part of the Internet of Things, and as such, they have built-in Wi-Fi capabilities. This enables them to communicate with the cloud and with each other. Other than that, these are also equipped with sensors, cameras, microphones, and other bits that allow them to not just respond to their child owners but also store data and tag a child’s location for parents/guardians to keep track of them in real time.
CloudPets, Hello Barbie, My Friend Cayla, i-Que Robot, and hereO are just some of the smart toys and devices that security researchers have scrutinized for their lack of security and privacy measures.
The FBI has highlighted in the PSA what type of information these toys may be able to gather. As most of these are normally “always on”, they can act as silent observers inside a home, being able to listen in on chatter from whoever is within its microphone’s range from young children or adults alike.
More from the PSA: “In addition, companies collect large amounts of additional data, such as voice messages, conversation recordings, past and real-time physical locations, Internet use history, and Internet addresses/IPs. The exposure of such information could create opportunities for child identity fraud. Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.”
The PSA also includes an overview of what makes internet-connected toys vulnerable, what the existing laws that protect children are, and a rundown of recommendations consumers or parents can do before they buy a smart toy or device for their kids.
Parents are also encouraged to file a complaint to the Internet Crime Complain Center if they think that the toy or device may have been compromised by hackers.