The hottest new toys are increasingly connect to the internet, listen to your commands, and interact with kids intelligently. According to Juniper Research, connected/smart toys were a $2.8 billion industry in 2015. Probably the most famous connected toy to date is Hello Barbie, which features “speech recognition and progressive learning features” that allow Barbie to play interactive games, tell jokes, and base two-way conversations on past discussions she’s had with her “owner.”
The magic behind this is that Hello Barbie (and other connected toys, in a similar manner to Apple’s Siri assistant) connects to the toy- or software-maker’s server in the cloud through wi-fi. This allows the toy to upload the data it takes in to harness the considerable amount of computing power that’s necessary to decipher speech, interpret its meaning, and, importantly, respond intelligently and appropriately as best it can.
However, one of Hello Barbie’s features is “progressive learning,” so it it’s pretty clear that your child’s interactions with the toy are recorded and stored in some remote location – which means that this information may be susceptible to tampering. Add to that the fact that you probably used an email address and provided other personal information when you initially set up the toy, and you can understand why parents have legitimate privacy concerns about Hello Barbie and other connected toys.
In December 2015, toymaker Vtech announced that a data breach by hackers exposed the personal information of almost 6.4 million children, including names, birth dates, profile pics, chat logs, and more. Just a few months ago, Fisher Price’s Smart Toy Bear had a major exploit revealed, and Hello Barbie’s ToyTalk makers have been criticized earlier this year for various vulnerabilities that could allow hackers to intercept children’s voice recordings (to which they responded quickly by introducing a bug bounty and upping their security efforts).
Additionally, in most places, parents are responsible for providing the consent a company needs before it can collect information through a toy. And while that may be fine for your kid, what about other kids who are exposed to the toy and whose parents have not provided consent?
Being aware of the risks involved is a good first step, so here are three ways that connected toys might affect your family’s privacy:
Cameras: Fisher Price’s Smart Toy Bear has a little camera in its nose to read smart cards, and lots of devices are popping up with cameras to take photos and video, recognize objects, and more. In addition to whatever may be the main focus of the camera, things in the background are also vulnerable to exposure (so wipe that password off your kitchen whiteboard!).
Microphones: While Hello Barbie is only listening when you push on her belt buckle, there are more and more devices that are always listening, so it’s important to consider that private conversations within earshot of connected toys may be recorded and (in any cases are) uploaded to the cloud.
Data: We’re getting more and more comfortable sharing emails, phone numbers, and other personal information online, but don’t forget that connected toys might not always have the same level of security as you’d expect from Apple or Google.
Thankfully, responsible toymakers are working hard to make things better, but it always pays to be informed and cautious, so do some research on the next connected toy you’re thinking about buying to make sure that its makers are taking your family’s privacy and security seriously.