How to know if your child’s smart toy has been hacked
Digital technology has infiltrated every aspect of our lives and opened up our homes to hacking and other forms of criminal activity – and that means toys are no longer just a choking hazard for children.
As smart toys have grown in popularity, authorities around the world have warned parents against giving their children technology that is poorly secured. Any device that can connect to the internet is vulnerable to hacking, but experts have found that some toys are particularly insecure. Germany's Federal Network Agency telecoms regulator has responded by banning the sale of smartwatches marketed at children as well as the My Friend Cayla doll, claiming that they a re an invasion of privacy and could be used to track a child's location.
The FBI issued a similar warning about smart toys to parents last year, while a recent report by consumer group Which? highlighted that the Furby Conne ct, I-Que Intelligent Robot, Toy-fi Teddy and CloudPets featured unsecured Bluetooth connections, as its testers were able to access the devices without a password or pin. At the time, the cyber security firm teamed up with Which? for the project called for such toys to be removed from the market with immediate effect.
IBTimes UK has contacted the manufacturers of these toys for comment and is awaiting their responses. Furby manufacturer Hasbro said at the time that "privacy is a top priority", while i-Que manufacturer Vivid Imaginations said that none if its products had been used in a malicious way. The makers of Cloud Pets and Toy Fi both declined to comment.
However, experts suggest that prevention is better than the cure – as it is hard for the average person to identify a hacker.
"Your best defence is vigilance," Peter Bassill, CEO of Hedgehog Security told IBTimes UK. "Has the toy said something that doesn't seem quite right? Are the lights flashing in a different way from when you first got it? Has it performed an action or done something while it wasn't being played with? You are looking for the out of the ordinary, which will give away if something is wrong." Asking your child if their toy is behaving in a strange way is also advisable, he added.
"The reality is there is probably not a lot parents can do to spot t heir children's toys have been hacked, other than keep an eye on the news for stories of attacks happening or alerts from manufacturers – which in itself is quite shocking," Stu Cox, a senior developer at app building firm Potato w ho specialises in security, told IBTimes UK.
Before buying toys, parents should check that they have built-in safeguarding tools.
"For example, they should make sure that any Bluetooth connections to the toy can be secured with a pin code that the parent can can choose themselves," Thomas Fischer, global security advocate at Digital Guardian, told IBTimes UK. Toys with a parents' interface that enables adults to control the device's capabilities and access its history will enable them to check for suspicious activity and connects to other devices, he added.
"I predict that electronics manufacturers will start developing products that families can add to their WiFi to look out for abnormal data being transferred and they are alerted this way," said Cox.
However, experts are also careful not to scaremonger. "Connected toys are not bad, perse," Liviu Arsene, Senior e-Threat Analyst at cyber security company Bitdefender, told IBTimes UK. "Smart toys and smart things behave just like internet-connected computers and smartphones. They need to be protected and secured."
Commenting on the potential danger of smart toys for inews.co.uk, Carolyn Bunting, chief executive of Internet Matters, a non-profit organisation that advises the government on child internet safety, said that screen time, cyber bullying and peer pressure on social media are more obvious concerns for parents. "It's a bit of a stretch, isn't it, that a padophile's gonna get you through your Anki Overdrive smart cars?" she said.