Industry News Smart Home

How to stop Internet-connected toys from spying on kids

These days, children are encouraged to surf the web and use mobile apps from a young age. We’re seeing toddlers trading toy cars and Barbies for tablets and mobile devices. In fact, 7 per cent of kids under the age of 4 play with their tablets and watch their favorite TV programs on them before bed, a study reveals.

Barbie isn’t what she used to be either. Mattel created a smart A.I.-wired Barbie that talks to children. The doll shows off a new figure – her thighs have been slightly thickened to fit a rechargeable battery in each, while a mini-USB charging port was tucked into her small back. A microphone hidden in her necklace records conversations and questions from kids who interact with her. Then, the data is transmitted to computer servers and converted into text. The line of text that best fits the scenario is delivered back to the listener in just seconds.


Source: Twitter

Smart, right? But what if Barbie could record whole conversations?

In fact, the Wi-Fi enabled Barbie can be hacked and turned into a surveillance device, according to security researchers. The doll’s operating system can be hijacked to get access to network names and IDs. Once inside a network, white hat hackers have access to account information, stored audio files as well as control over the microphone.

In response to attempts to compromise Hello Barbie, ToyTalk launched a bug bounty program last week. This follows recent news that photos and conversations of 4 million children were leaked after hackers breached toymaker VTech.

With so many temptations, it’s no wonder children are an easy target.

How can parents avoid exposing their children online?

Parents should first understand exactly how the gadget works – how it connects to the Internet, what data can it access, where that data is stored and under what circumstances. Before buying it, they should do a proper research of the new toy, then weigh the risks and benefits – can this toy turn into a privacy hazard? Using data gleaned from the toy, could someone infiltrate the home Wi-Fi network to snoop on private conversations and steal other personal information?

If they decide to purchase the device, they should carefully read the privacy statement before activating the toy and connecting it to the web.

Also, they need to think twice about whether they really need to disclose correct, yet sensitive information to each service that asks for it. For instance, was it necessary to tell VTech the real dates of birth of the children? Sometimes, fudging your sensitive information is a justifiable course of action.

With so many temptations, it’s also important to educate kids and teens on the risks they face when dealing with smart Internet-connected gadgets.

Cybersecurity is a complex, entangled subject. It’s best to start discussing online safety with your kids at an early age, when they’re discovering the Internet. Walk them through the basics: what is the Internet? Why are there bad guys and who are they? How do they protect themselves? How to set strong passwords? Etc.

Teach them about the implications of posting private information about themselves. Selfies are fun, but oversharing poses a threat to privacy. Let’s face it, Facebook is like a scrapbook for stalkers and thieves. From the music they listen to, to where they are “checking in” at in the real world, these tidbits of information can help stalkers learn children’s daily schedules and where to find them.

Lastly, advise them to have the same responsible, considerate behavior on the Internet as if they were talking to someone face to face, in the real world. Etiquette is equally important online as it is offline.

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.

1 Comment

Click here to post a comment
  • Has anyone collected a list of ports and protocols used by various toys?

    It seems to me that if you wish to disable the networked features of a toy, you should be able to block them on a port basis, either wholly or selectively, at the router.

    Or maybe with some slightly more sophisticated filtering ensure the toys only communicate with known IP ranges.