FBI releases warning regarding privacy concerns for internet-connected toys
The Federal Bureau of Investigation released a public service announcement alerting consumers to the potential dangers of “smart toys,” basically any toy that can connect to the internet. This applies to a range of toys currently on the market that have everything from microphones to cameras to cloud storage of audio, video, and other data collected from users. The FBI raises concerns about toys negatively impacting your children’s privacy and security.
The features and functions of different toys vary widely. In some cases, toys with microphones could record and collect conversations within earshot of the device. Information such as the child’s name, school, likes and dislikes, and activities may be disclosed through normal conversation with the toy or in the surrounding environment. The collection of a child’s personal information combined with a toy’s ability to connect to the Internet or other devices raises concerns for privacy and physical safety.
Just as an example, imagine a child telling an internet-connected stuffed toy: “And we’re leaving tomorrow for Disney World. No one will be here for a week. I hope you won’t be lonely.” If the parent has provided their address as part of the toy’s “activation” or the toy has GPS capability, potential bad guys know that your house will be empty—perhaps too tempting for robbers.
In moving rapidly to bring internet-connected toys to the market, manufacturers (particularly manufacturers of overseas-produced inexpensive “knock-off” versions of popular toys) might have overlooked proper security measures or not fully complied with the Children’s Online Privacy Protection Rule and Federal Trade Commission’s guidance for these types of technology. For this reason, the FBI has advised parents to be mindful of the implications of poorly secured smart toys and offers several tips for you to improve the security of internet-connected toys. Here are some more helpful pointers for you to consider.
- Use strong and unique login passwords. This includes changing any default passwords provided by manufacturers. While those passwords may seem strong and unique, manufacturers often assign the same password to all or many devices. Passwords should be changed immediately to ones that only you can possibly know.
- Ensure your toys are running on the most updated versions. Failing to update the device’s software may make it vulnerable to hacking or other problems. You may or may not be automatically prompted to install updates. If not, you can easily change your device settings to receive automatic updates.
- Only connect and use toys in environments with trusted and secured Wi-Fi internet access. In addition to ensuring that your home network is secure, remember that open Wi-Fi networks such as those you might access at a hotel, airport, or restaurant are often not secure.
- Do not buy a toy that doesn’t let you know exactly how data is collected, used, stored, or processed. If at all possible, research the privacy policy of the toy before purchasing. This applies even if your child receives the toy as a gift. If you can’t verify that it’s safe, consider whether it is worth the risks to keep the toy.
- Many internet-enabled toys and devices will come with an app that can be downloaded onto a smartphone, giving you control of the device anywhere you can connect to the internet. You need to consider the privacy and security of that app as well as the toy itself. Review the app’s settings and policies carefully for what will be shared and potentially accessed.
- If your child grows tired of the toy, be careful when giving it away or reselling it. Your child’s information should be deleted before you discard it. Manufacturers should offer guidance on how to remove your child’s information. Additionally, if your child loses the toy, immediately contact the manufacturer to ask how stored data can be removed.
IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.
