With Christmas just behind us, many of the households around Britain that contain children will have one or more new smart toys taking pride of place in bedrooms. They are in demand as the latest technology in the world always is as December comes around and Christmas lists are written, heavily influenced by advertising and playground, and these days online, chatter. But a recent investigation conducted by The Times newspaper into the security and how the data gathered by smart toys is shared should give parents pause for thought.
The alarming statistics on a range of popular smart toys investigated indicate that almost two thirds share the data gathered from their interactions with your child and household with advertisers. And in almost one third of cases the manufacturer provides no information on whether or not that data is encrypted or not. More worryingly still, security probes that tested toys for their resistance to hackers found that many lacked basic safeguards. At least two of the toys professional hackers employed by The Times were able to be penetrated in a way that would allow them to alter the configurations to spy on whoever was in the vicinity. The coding could be manipulated to send voice and image data to wherever the hackers chose.
Smart toys that can either connect directly to the internet through a wifi connection or by syncing with a smart phone are a quickly growing industry. The sector will be worth an estimated £4.8 billion a year this year. However, laws and regulations have not caught up with the new technology and smart toys are largely unregulated. The industry itself is also failing to police itself. The UK’s children’s commissioner has warned of a lack of transparency and the reaility that data including images and voice recordings of children is being sent by smart toys to “who knows where”.
Security warnings on several individual toys have already been issued over the past couple of years. In 2016, concerned IT experts warned that a My Friend Cayla doll could be accessed via its unsecured Bluetooth connection. This allowed strangers to listen to and, alarmingly, even talk to children via the dolls.
The Times investigation analysed 25 popular smart toys including soft toys, watches, drones, consoles, robots and drones. Of the 25, nine had either a microphone and camera and 4 both. 15 of the 25 toys shared data gathered with third parties. The manufacturers of half of the toys did not provide, either in literature sold with the toys or on their websites, what was deemed ‘adequate’ information on their security safety. When contacted by reporters, only 2 manufacturers responded to confirm encryption was used to protect the data sent through the toys. The others did not respond to the enquiries.
Without wishing to scaremonger, the report very clearly demonstrated that until regulations catch up with smart toy technology, parents in the modern world have a responsibility to thoroughly investigate smart toys. In the vast majority of cases there is probably no real risk to children. However, the very fact that a lack of adequate security means that there could be should hackers with ill-intent decide to target the toys is enough to demonstrate that before buying smart toys parents should carefully vet them.