Smart toys are the latest devices with compromised security. And while they can be a lot of fun, they also come with serious risks. We’ll explain what smart toys are, how they work, and why you need to be careful when buying one for your child.
Smart toys, a booming market
The smart toy industry recorded a turnover of US$7.6 billion in 2022, and all the experts agree that in the next 5 years, it will reach more than US$15 billion per year. This year is one of the most important markets for smart toys, particularly in Europe.
Smart toys are an emerging market with tremendous growth potential. The industry has grown steadily since its launch in 2015 and is expected to continue to do so for the next few years.
The other side of the coin: increasingly frequent cyberattacks
In 2018, researchers performed multiple remote code executions on Mattel’s Hello Barbie, allowing them to listen in and record the conversations of children playing with her. The toy did not encrypt its audio recordings and could not adequately protect them from unauthorized access.
Mattel responded by issuing a notice warning consumers of the safety risks associated with the toy but did not offer a solution for updating the software or firmware or even an assurance that future releases would include new features, such as better security features than current models.
In the same year, researchers discovered that Vtech’s Kidizoom smartwatch stored passwords and chat logs in clear text. The company responded by releasing new versions of its software that encrypt data and improve its password storage practices. However, it did not explain how it would deal with existing devices that had been sold with outdated security.
Therefore, these toys have many vulnerabilities similar to those of a computer or mobile phone. Suppose a hacker can access and take control of your smart toy’s operating system. In that case, they can record audio or video, track your location, steal the data you have stored on your device, and even embed information in an image file.
How to protect smart toys from hackers?
The main concern of many parents is the safety of their children’s toys and the potential consequences of a hacker gaining access to them. Smart toys can be protected against hackers in different ways:
- Use a firewall to prevent unauthorized connections.
- Set up password protection on your smart toy (or use an app that does it for you).
- Connect your smart toy to the internet through a virtual private network (VPN).
A VPN is a service that encrypts your internet data and sends it through an intermediate server located at a location of your choice. Using a VPN allows you to change location on Chrome and make it appear as if your encrypted data is coming from the VPN provider’s server, rather than your own device. This not only secures your data but also prevents hackers from intercepting it.
Are all smart toys affected?
It is important to note that the safety of these toys is not guaranteed. The Internet of Things is still relatively new, and many manufacturers have not had the time to thoroughly test the security of their products or update their firmware if necessary. This makes them vulnerable to hacking and digital intrusion: meaning someone could potentially access your child’s conversations or data without your knowledge.
Also, since smart toys often connect over Wi-Fi connections, they can be subject to outside interference from hackers who want to access personal information about you or your child. In other words: if someone wanted information about what you say inside your house (to some extent), they just might have it!
The most worrying thing here is that the data collected bound by these toys can be used for purposes of blackmail or identity theft. For example, hackers could threaten children by exposing private conversations if they don’t comply with their demands (for example, withdrawing money from an ATM). Or, they could use information collected from a toy to gain unauthorized access to your bank account or social media.
All of these hacks are preventable. You can take a few basic steps to protect your child’s data from being stolen by hackers. For example, avoid using the same password for multiple accounts and change it every two months.
