Bought a Smart Toy for Your Kid? You Might Want to Set It on Fire
by Angelica Lai
Photograph by Twenty20
Not to be a Grinch, but there might be a few toys under the Christmas tree that you wouldn't want to touch with a 39-and-a-half-foot pole.
If your kids end up with so-called "smart" toys—that is, toys that have spying capabilities because they can be connected to the internet, have microphones or video cameras, or have location tracking—you might want to burn them all to the ground. (OK, maybe just getting rid of them will be fine.)
Don't believe us? Just ask the FBI, which issued a first-of-its-kind statement earlier this year warning parents about smart toys, especially ones that are rushed to be made and might overlook privacy and security safeguards. Whether it's a talking doll, a tablet for kids or a video-recording toy race car, these toys can be easily hacked to disclose important personal information.
London-based VPN reviewer Top10VPN and security researcher Sarah Jamie Lewis also dug into some of the holiday toys to expose how hackers could take control of them or elicit information. For instance, according to their report, the Q50 Smart Tracking Watch has no authentication or authorization protection to communicate with the server, and "an attacker can send commands to the watch, including activating the remote monitoring mode." As another example, the internet-connected educational toy Cognitoys Dino, could transmit mic recordings and sensitive information over the internet because of inadequate encryption.
Although the safest thing to do would be to chuck toys you're worried about, the Seattle Times shared a few tips for what to do with the ones you (or your kid) really want to keep.
2. If your toy connects to Wi-Fi, only connect it to a secure network with a strong password. Don't connect it to free, public Wi-Fi.
3. Whenever the toy's not in use, turn it completely off and cover the camera or mic.
4. Last but not least, especially if a device allows chatting, monitor the chats and educate your kids to avoid giving out or saying personal information. It might seem like common sense, especially when the internet has been around for decades, but it's good to have a refresher on general online safety rules.