We live in a world where the Internet of Things (IoT) is systematically infiltrating countless areas of our lives, including the toys our children play with. According to a survey conducted in 2019, as many as 53% of respondents already owned an IoT device, while a further 33% planned to purchase one in the next three years. As beneficial as IoT can be, it can also empower individuals with malicious intent. In December last year, UK consumer advice entity Which? stated that children’s toys purchased from popular retail outlets could pose a potential security risk by allowing strangers to communicate with children. To substantiate their claims, the entity purchased a total of seven ‘smart’ toys, and passed them on to an acclaimed security laboratory, the NCC Group, for further analysis. According to the report issued by Which?, the toys, of which some were aimed at children as young as three, posed a number of serious risks.
The dangers could not be ignored
The toys in question were handed over and an expansive series of lab tests were conducted. The analysis included a security evaluation that concentrated on the product vulnerabilities and design issues pertaining to the way children themselves interacted with the toys. The nature of the personal data acquired by the toys and the subsequent application of it was also investigated. The NCC Group stated that a total of 20 significant concerns were identified. This includes the absence of any solid authentication processes, such as the entering of a pin code, for toys with Bluetooth connectivity. Of the seven toys that were investigated, two fell into this category. They were both karaoke-type toys that allowed any device within 10 feet to anonymously connect with it. Although the toys did not allow for two-way communication, the risks involved are massive, as the technology would allow a stranger to send harmful and manipulative messages to an unsuspecting child.
The risks are multiple
While a lack of Bluetooth security and the ease of establishing unsolicited two-way communication were among the biggest concerns highlighted by the Which? report, they aren’t the only threats to take note of. IoT toys, in essence, represent risks that need to be addressed on two fronts. There is a range of vulnerabilities in connected toys that can be exploited to gain access to other segments of a network. Additionally, any unauthorized access to toy hardware and data can result in a privacy breach. Toys that feature technologies such as GPS tracking as well as speech and facial recognition may pose a considerable risk, and should be monitored very closely by parents and other responsible adult authority figures. Overall, parents need to become increasingly aware, not only of the safety concerns toys pose, but also the message they convey to children. This includes being mindful when choosing traditional gender-specific toys for children. While many little girls would gladly play with dolls while boys enjoy roughing it out with their army men or pirate sets, gender-neutral toys can help children become less self-conscious when it comes to finding toys that they like.
Toys should soothe and excite, not menace
IoT has revolutionized the world in many ways. Unfortunately, the risks of connected toys cannot be ignored, and parents, alongside other responsible adults, should be extremely vigilant when it comes to protecting children against any possible threats.