Smart toys are on a lot of Christmas lists this year because they interact with children to help them learn. But just remember the "smart" in smart toys means wi-fi connectivity, which means there's an opportunity for hackers to steal your information.
We've warned you before about toys that may be spying on your kids. Now the government is warning you too.
The United States Senate wants you to be extra cautious if you've purchased a smart toy for your child this Christmas. The Committee on Commerce, Science, and Transportation recently released a report titled "Children’s Connected Toys: Data Security and Privacy Concerns" that details the risks these toys pose.
VTech children's phones and tablets had a service called "Kid Connect" that allowed parents and kids to exchange texts, voice messages and pictures. The company collected the parents' email addresses, mailing addresses; the child's name, birthdate, and picture; and all the content that was sent through the phone or tablet. But VTech had "outdated and inadequate security practices" so a hacker gained access to more than 6.4 million child profiles and 4.8 million parent accounts.
Fisher-Price's Smart Toy Bear can have a conversation with your child and remembers what is discussed. To use the toy, children set up a profile that includes their name, gender, date of birth, parents' email addresses and other information. A vulnerability in the web service associated with the toy means hackers can access these profiles.
An authorization flaw with KGPS's herO watch made it so that strangers could figure out where your child is. Parents use the watch and the app to track their child's location. They view this information through an online account and they can send invites to share access with other family members. Hackers had the ability to request and grant themselves permission to the account.
There aren't too many days left until Christmas, which means you may have finished your shopping already. If you purchased any smart toys, the committee says you should keep these things in mind:
- Be aware of what information is collected, whether or not it will be shared, and how long it's kept by the company.
- Research whether or not the toymaker has been a victim of data breaches in the past. If so, how was it handled?
- Change the toy's default passwords and privacy settings. Only allow the toy to collect the information necessary for the toy to run properly.