They see you: FBI warns about dangers of internet-connected toys
While many American parents think ‘smart toys’ are a great idea, the FBI has issued an unprecedented warning that internet-enabled items may pose a privacy and safety risk for children by harvesting personal information.
Smart toys and entertainment devices for children typically contain sensors, microphones, cameras, data storage chips and multimedia capabilities such as speech recognition or global positioning (GPS).
“These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed,” the FBI said in a warning issued Monday.
Smart toys typically require user accounts, which involve disclosure of personal information. Companies that make such toys and apps that come with them also collect large amounts of data such as voice messages, conversation recordings, physical locations of the toy and internet use history ‒ all of which could create opportunities for child identity fraud if they fall into the wrong hands, the bureau warned.
Furthermore, misuse of sensitive data about the child ‒ such as known interests, GPS location information, or visual identifiers obtained from pictures or videos ‒ “could present exploitation risks.”
“I think this is the first time the FBI has issued such warning,” Tod Beardsley, director of research at cybersecurity firm Rapid7, told Reuters.
Earlier this year, the German government banned the sale and ownership of a talking doll made by the US-based Genesis Toys, citing the hacking risk it posed to children. Parents who had bought the doll were told to destroy it.
In April, the Electronic Frontier Foundation (EFF) raised the alarm over laptops, tablets and other educational devices issued to about one in three US schoolchildren, which also collect massive amounts of personal information with little or no parental control or opportunity to opt out.
Hackers and other unauthorized third parties are not the only concern, either. In 2010, a Pennsylvania school district was sued over remotely activating the cameras on students’ school-issued laptops and spying on them at home.
Among the measures the bureau recommends to parents is using strong passwords for their home networks and any accounts associated with the toys, monitoring the use of toys thorough parent apps and checking the toymaker’s use and privacy policies.
“Ensure the toy is turned off, particularly those with microphones and cameras, when not in use,” the FBI also suggested.
Other kinds of toys pose a privacy risk, too. In March, a Canadian company agreed to pay out a $3 million settlement to users who claimed that the app that came with their internet-connected sex toys inappropriately collected intimate information.
