Read this before buying a Wi-Fi-connected toy for your child – MarketWatch

Be careful — your child’s connected teddy bear may be watching you. Increasingly popular internet-connected toys pose a privacy concern for the children who use them and their families, the Federal Bureau of Investigation warned Americans this week.

Smart toy sales increased 96% from September 2015 to September 2016, according to global information company NPD group. But there has also been a rise in the number of high-profile hacks and data breaches affecting children. In April, more than two million recorded messages from parents and children stored by CloudPets plush connected toy company were exposed to potential hackers, along with 800,000 emails and passwords. (CloudPets acknowledged the exposure, but said user information was not compromised.) In 2015, a hack of another toy company exposed the information of more than 200,000 children.

The FBI has been placing more of a focus on connected toys in recent months, said Jim Ivers, the vice president of marketing for the Software Integrity Group at Synopsys. “The protection of children is a pretty emotional subject,” he said. “If child safety starts being compromised and manufacturers don’t start looking out for it themselves, the government is going to step in and regulate.” Although the FBI recommended parents check the background of the toys they buy their children, he said there is no central location to do that. “It comes down to parents taking action regarding each particular toy,” he said.

Here are some of the measures you can take when purchasing connected gifts for the children in your life to minimize security risks:

1. Turn off the toy when it isn’t in use

Turn off recording capabilities and microphone permissions when a toy is put back on the shelf. And this doesn’t just apply to toys. Stickers made for laptops and other devices can also cover cameras while they are not in use to ensure that even if they are compromised, hackers won’t have a window into your home.

2. Don’t give away unnecessary information

If the account requires personal information, simply give the bare minimum amount required, said Alan Brill, a senior managing director in Kroll’s Cyber Security practice. “Recognize you are not under oath there, you don’t have to tell the truth,” he said. “Many devices don’t have GPS services and there is no reason to give it your real address. People have to think about the consequences.” Users can even invent false names, ages, dates of birth, and other data to minimize risk in the case that the website is hacked.

3. Check the company’s privacy policy

There is no government certification or central information resource informing consumers whether a specific brand of toy is hackable. However, a simple Google search could alert you to past hacks or other problems in the company. Aside from doing the obvious online search, buyers should also read the full privacy policies from the company and ensure the company will notify them in the case of a hack or data breach. Ensure the company notifies users when privacy policies change. Pay particular attention to where it stores user data and what security measures it takes to protect it, like whether the data is encrypted, and if it shares with (or even sells) data to third parties.

4. Use multiple, strong passwords

Americans are not great at passwords: 31% of people have used a pet’s name, 23% have used number sequences, 22% a family member’s name and 21% a birth date. Passwords based on easily-discovered personal information are not effective. Neither are number or letter series. The passwords most frequently cracked by hackers include 123456, password, 12345, football, and qwerty, according to a report from security service SplashData. Experts suggest using password services like Lastpass or 1Password to generate and safe complex passwords for various accounts.

5. Don’t accept gifts without vetting them

It’s a difficult scenario: your child opens a new connected toy from grandma at Christmas, but you are not sure about its safety features. Brill said it’s important to do research on the toy before allowing a child to use it, and be willing to get rid of the device if it doesn’t offer proper protection. In rare cases he has even learned of toys being sent to children randomly in the mail under the guise of them “winning a prize” in order to hack into the family’s network and obtain sensitive information. Never accept a toy, especially a connected one, from an unknown source.


Write a Reply or Comment:

Your email address will not be published.*