
Are Your Toys Spying on You? – Here’s What to Do!
The FBI issued a cyber security Public Service Announcement (PSA) warning consumers that toys may be violating their privacy. The warning applies to toys that are connected to the internet. The suspect toys are typically equipped with sensors, microphones, cameras, data storage components, speech recognition, and GPS.
Toys and other consumer electronic devices connect to the internet via Wi-Fi, Bluetooth, or smartphones. Toys with microphones can record and transmit information to the manufacturer. Many internet-connected toys offer, or even require, an associated online account that users create to register and manage the toy. Personal information picked up by the microphone can be linked to any personal data in the associated online account. The online account can also be used to track other online behavior through cookies. Data collected may include browsing history, websites visited, and IP address. This data collection may or may not be in keeping with stated privacy policies.
Parents and other toy buyers should read the privacy policy that accompanies toys. Check for information storage policies. Data may be stored in the toy, online, or in a cloud server. Also understand who is collecting the data and who else will have access to it. Be sure to understand where and for how long the data is stored. Many data aggregators collect and then sell user data to marketing firms.
Before buying an internet-connected toy, users should research reviews and complaints about the toy or any electronic device.
- Use authentication when pairing the device with Bluetooth
- Don’t use the toy on a public wifi connection
- Understand who has access to your data and voice recordings
Toys are also subject to hacking. Like most other connected devices, internet-connected toys may need updates to their firmware. Be sure your toy is kept up to date and patched to minimize the risk of hacking. Bluetooth-connected toys should be paired using a password. Toys that do not have PIN or password authentication when pairing with mobile devices could pose a risk because they are easier for hackers to exploit.
Parents who do buy internet-connected toys should use them with caution:
- Be sure to monitor your child’s use of the toy
- Shut the toy off when not in use
- Do not register the toy unless it is required for patches or to operate the toy!
The Children’s Online Privacy Protection Act (COPPA) imposes requirements on Web sites and online service operators directed at children under the age of 13, and on operators of other sites and services who knowingly collect personal online information on children under 13.
If you suspect your child’s toy may have been compromised, file a complaint with the Internet Crime Complaint Center, at www.IC3.gov.