Are smart toys the hackers’ passport to spying on your kids?

02-08-2017 | Electropages | Insights

The smart toy market is booming and analysts expect it to hit nearly £10 billion by the end of the decade. And whereas these Internet-connected toys can provide kids with loads of fun there is a dark side to them. Hackers like them a lot.

Why, because quite simply many of them are not cyber secure. They just do not have adequate information encryption designed into them and the reason for that is money. Toy makers want to be cost competitive and the global toy business is a mean business when it comes to controlling manufacturing costs in order to be price competitive on the high street.

Such is the level of security concern it has prompted America’s FBI to issue a warning. A division of the FBI known as The Internet Crime Complaint Centre recently issued a warning about the inadequate security and privacy protections provided by manufacturers of Internet-connected smart toys.

Vulnerable Family Data

This very high-level response was prompted by a number of worrying incidences where hackers had not only been able to steal family data but also spy on children while playing with the toys.

Now it’s only fair to say that not all smart toys are vulnerable. There are reputable manufacturers out there who do build in adequate hacking safeguards. But here’s the thing; smart toys contain microphones, cameras, sensors, memory devices, speech recognition and GPS options. They collect data like voice recordings, toy application passwords, home addresses, Wi-Fi details or sensitive personal data all of which is very often uploaded to a cloud storage system.

The FBI has also voiced concern relative to toys with Bluetooth capabilities that do not have robust encryption built into them. A case in point followed the CloudPets toy hacking incidence. Manufactured by Californian based Spiral Toys, the details included email addresses, passwords, pictures and voice recordings of children and adults who had used the toys.

There are numerous accounts of hacking incidences including toys from some very well established and high-profile manufacturers whereby the toys API where found to be deficient.

What About the APIs?

Smart toys rely on Application Programming Interfaces (APIs) to share information with other devices and it is this that can make Internet toys hackable.

In a well-documented case involving a Mattel Fisher-Price smart bear it was found the vulnerability to hacking was a result of a problem with the API and that this problem could have been identified with the proper testing of the API. This testing is extremely complex. After all you are evaluating what is the digital brain of the toy that is responsible for providing the tools, protocols and standards that make the whole thing work. So if smart toy manufacturers want to eradicate the risk of hacking then they need to make the investment in getting the API testing job done right.

That aside there are also some handy precautions that end-users of the toys can apply. Some are pretty obvious like strong passwords that contain letters, numbers and symbols and make sure that each toy has a different password. Keep your home network anti-virus and anti-malware software up to date.

Configure Internet toys to achieve maximum online security. Pairing them with tablets and smartphones will help protect your personal information and Internet connection while the toy is connected to the app and being played with.

It is important to disable location services as this will block any attempt to hack the toys geographic position. Also imperative is the turning off of microphones and webcams because the information that many cybercriminals is easily obtained by hacking microphones and webcams.