The FBI issued a public service announcement on July 17 related to consumer safety – but the threat is something you may not consider dangerous: internet-connected children’s toys. The Bureau says that these internet-connected devices could present privacy concerns for children and families alike. Although toys that incorporate technology that learn behavior are growing in popularity, so are the safety concerns surrounding them. Often, these toys contain sensors, microphones, cameras, data storage equipment, speech recognition, and even GPS capabilities – all of which could spell danger.
The large amount of personal data disclosed by these toys is alarming – microphones, for example, can record conversations within earshot of the toy. Information such as the child’s name, school, activities, and even likes and dislikes can be acquired, and this can lead to obvious security concerns. Personal information is typically provided when a user creates an online account for the toy – companies even collect large amounts of additional data such as voice messages, conversation recordings, location information, and Internet addresses. What can be done with all of this data? Criminals can use it to commit child identity fraud. If personal information is acquired by the wrong parties, it can also lead to the risk of exploitation – children may trust someone who knows detailed information about them (what school they attend and hobbies, for example.)
How are these potentially dangerous toys connected to the internet? The FBI says that smart toys are generally connected in two ways. A device can be connected directly, through a Wi-Fi network, or indirectly, via a Bluetooth connection to an Android or iOS device that is connected to the internet. The latter can be especially dangerous, because an indirect connection may seem more safe to a consumer. Toys that do not require a password when connecting to a Bluetooth device can also lead to the unsolicited collection of data.
But what can be done about this? The FBI says consumers should examine toy company user agreements as opposed to simply clicking “I agree to the terms and conditions,” to see what personal data is being sent to or stored by companies. To rush products to the market, security concerns are sometimes overlooked – and consumers should preform and online search of the product to see if there are any known issues that have been identified with them. The Children’s Online Privacy Protection Act (COPPA) was also designed to protect children on the internet, putting sanctions on the type of data that can be collected on websites geared towards children younger than 13.