An increasing number of products aimed at entertaining and educating children are now network-enabled. Innovative toy designers are harnessing the power of WiFi and cloud-based computing in order to create interactive experiences for children of all ages. While marketers assure parents the information their kids share is secure, two recent news stories have brought to light serious privacy and security concerns when it comes to these “smart toys.”
Kids are especially vulnerable when it comes to unauthorized access to their information. In some cases, it may be possible for hackers to find out deeply personal information which could be used to deceive or endanger a child. As these two data breaches reveal, it’s time for parents to tune in and make their kids’ online privacy and security a priority.
The VTech Breach
In what may be the largest and most far-reaching breach of kids’ security online, hackers recently discovered smart toy manufacturer VTech left the personal data of parents and kids vulnerable online. The company’s service, Kid Connect, allowed parents to chat on their smartphone with their children via a special VTech tablet. Not only did hackers discover the names, email and home addresses of nearly five million parents, but they were also able to access the “names, genders, and birthdays of more than 200,000 kids.” Perhaps more astonishing, however, were the photos of parents and kids, as well as chat logs between parents and kids archived up to a year.
While VTech moved quickly to shut down what they believed to be their most vulnerable services, the revelation of the breach should give parents significant pause. Many children have a predisposition to trust adults, but have been taught to be wary of strangers. But what happens when a stranger approaches with significant, private information gleaned from chat logs? It’s not hard to imagine how breaches of this magnitude make kids vulnerable to situations where false trust may be established.
Hacking Hello Barbie
If someone asked you if you were comfortable with them placing a listening device in your child’s bedroom which uploaded and stored your child’s conversations in the cloud on a company’s server, how might you react? Now imagine that listening device is an iconic doll, beloved by kids for decades. If you’re like many parents this holiday season, you might just pay $75 for the privilege. Hello Barbie, manufactured by entertainment company ToyTalk for Mattel, “uses a microphone, voice recognition software and artificial intelligence to enable a call-and-response function similar to Siri or Google Now.” But as one hacker has demonstrated, there are some genuine concerns about how secure the doll can be:
“According to Security researcher Matt Jacubowski who contributed to the NBC findings revealed that he successfully hacked the doll’s operating system and was able to gain access to Wi-Fi network names, the internal MAC address, account IDs and MP3 files. With this information, Jacubowski could easily get into a home network, listen to the recordings by Barbie and modify the doll to suit his needs. “It’s just a matter of time until we are able to replace their servers with ours and have her say anything we want,” says Jacubowski.”
Connectivity gives new generations of kids’ toys a level of interactivity beyond what any parent may have imagined just a few years ago. Parents need a new mindset for evaluating these devices; they are not merely toys, but nodes on the rapidly emerging Internet of Things (IoT). Hello Barbie is but one example of the world to come. How can parents adequately prepare themselves? How can they raise privacy-savvy kids?
Tips for Parents
Just as parents have worked to educate children about the concept of stranger danger, there are steps parents can take to help their children protect their privacy. For example:
• Act as a privacy role model. Look for opportunities to discuss what you feel is and isn’t appropriate to share.
• Have “the talk” about privacy. Cover issues identified by advocacy groups such as Common Sense Media, OnGuardOnline.gov, the FTC portal for Kids’ Online Safety, iKeepSafe and GetNetWise.
• Set ground rules such as where and when kids can go online or use a mobile device.
• Check privacy settings on devices kids use to ensure they are optimized to protect how much information is shared by default.
• Use tools like Disconnect Kids or Kidoz to limit tracking and moderate content.
While we can make choices about the devices we bring into our homes, a much more robust long-term approach centers on privacy education and advocacy. The best defense is smart kids who understand the ramifications of smart toys.
Comments