UPDATED 00:05 EST / JULY 18 2017

EMERGING TECH

FBI warns parents about privacy and safety risks of Internet-connected toys

The Federal Bureau of Investigation is warning that Internet-connected toys can present privacy and safety risks to both parents and children.

In a newly published advisory, the FBI said Internet-connected toys typically contain sensors, microphones, cameras, data storage components, speech recognition and GPS options that collect data, which then is typically sent and stored by the manufacturer or developer via a server or cloud service. The collected data, which can include voice recordings, toy web application passwords, home addresses, Wi-Fi information or sensitive personal data, can present a serious security risk, the Bureau warned.

While pointing out toys using encrypted communications are essential to mitigate the security risk, the FBI said that not all toys implement such features. Those using Bluetooth do not have authentication requirements when pairing with the mobile devices, posing a significant risk for unauthorized access.

The bureau added that another data risk involves the toy companies themselves. Because they collect “large amounts of additional data, such as voice messages, conversation recordings, past and real-time physical locations, Internet use history, and Internet addresses/IPs,” they themselves could be targets for hackers.

Instances of security issues with toys are already occurring. In February 2016, Internet-connected toys made by Fischer Price and hereO were found to have vulnerabilities that would allow a hacker to gain access to them easily. In February this year, data from Spiral Toys Inc., the company behind a product called CloudPets that allows children to send messages to their parents and vice versa, was found to have been exposed and downloaded by hackers. To put how serious that was in perspective, the data included exposed passwords, emails and more than 2 million private recorded messages between parents and their children, with the data subsequently used to issue ransom demands against parents.

The FBI recommends that parents check if there are any known security issues for any Internet-connected toy they are considering buying or they have already purchased; check the toy’s security measures such as Bluetooth authentication and encrypted data transmission; check to see if the company behind the toy issues firmware/software updates and if they do to make sure they install them; and finally research where data from the toy is stored and whether the company storing it has a good reputation for security.

Photo: maguisso/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU