Make Your Kid’s Internet of Things Toy Story a Safe and Happy One

What do IOT Toys have to do with your kids?

Remember when the most dangerous thing a parent had to worry about when giving their child a Christmas present was that he would shoot an eye out? Well okay, that was pretty serious, but the most popular items on the list for Santa today can be just as dangerous in different ways.

I’m talking, of course, about Internet of Things Toys (IoT Toys) or Smart Toys. Some of the most popular IoT toys this year include Hatchimals, Teddy Ruxpin (all updated and digital now!), Droids (think BB-8 from Star Wars) and Hello Barbie. Smart toys are expected to account for 18% of both the toy and video game markets by 2018.

Aside from the cool factor and just being flat out fun, these IoT toys can offer even the youngest of kidseducational benefits from literacy and numeracy skills to digital literacies and coding skills. They will also learn collaborative play and expand their creative and rational thinking.

However, in an increasingly scary trend, these toys also put kids at risk in ways they will never think of and many of their parents won’t either. That is because these toys pose threats to children’s data protection as their connectivity through the internet means kids and their actions and even locations can be tracked, recorded and exploited.

In order to use these toys, kids have to register with the cloud and put their personal information out there. Hackers are increasingly targeting such companies; CloudPets, Hello Barbie and VTech are just a few who have experienced serious breaches. Some of the information gained in such breaches includes voice recordings, users’ system information, Wi-Fi network names, internal MAC addresses, account IDs, and even MP3 files. Cybercriminals also were able to access parent accounts including names, email addresses, secret questions and answers for passwords, IP addresses, mailing addresses and download histories.

As bad as these breaches are, they aren’t even close to the worst part about the IoT toy dangers. The creepiest part is that hackers can access the toys and make them do things or say things that may harm kids. One product even allowed unauthorized Bluetooth access from any smartphone or tablet within 50 meters, thus potentially allowing strangers in the immediate surroundings to talk to children. They also make the child very trackable.

So, what to do? Go back to giving the Red Rider BB gun? Of course not—we want our kids to have the latest and greatest toys and to enjoy the benefits of today’s technology. We just have to make it our responsibility to keep them safe, just as Ralphie’s parents tried to do.

Here are some recommendations for parents to consider when purchasing IoT toys:

1. Research app permissions before purchasing smart toys and disable access to the permissions that can compromise your privacy.
2. Consider the wireless profile of devices. Is the Wi-Fi-connection an access point or client?
3. Double-Check the Parental Controls
5. Teach your kids not to give sensitive information to toy providers (and monitor the set up!)
6. Disable location services.
7. Mute any microphones and block any webcams
8. For integration with Alexis, Siri…, set up a separate account from your buying account.
9. Update the firmware regularly.
10. Disable In-App Purchases. Some smart toys offer up the ability to purchase various in-app items. If you don’t disable purchases, your child may run up quite a high bill. There have been plenty of situations in which children have amassed significant debt on apps using their parents’ credit cards, including one bill worth $5000 spent on Jurassic World and another for $46,000 on Game of War: Fire Age.
11. Watch your kids play and engage with them! Maybe they’ll teach you a thing or two!

Most importantly, know this: if any device you have in your home connects to the internet, whether it’s though Wi-Fi, Bluetooth or another form of connectivity, you can bet your data is being harvested, analyzed and sold.

John Sileo is an an award-winning author and keynote speaker on cyber security, identity theft, internet privacy and fraud training. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.