Internet-Connected Dolls and Toys: 3 Hidden Dangers

Internet-Connected Dolls and Toys: 3 Hidden Dangers

At first glance, internet-connected dolls, robots or other “smart” devices that can interact with your children may seem really cool. After all, your children already talk to their toys, right? Well how do you feel about a hacker listening into everything they say to a doll?

Suddenly the toys go from cool to creepy.

The truth is that beneath the shiny surface of smart toys there is a lot going on that could put your children’s or family’s privacy at risk.

Collecting PII and much more

Smart toys can have a variety of different features for collecting and processing information, including a microphone, software, or even a sensor to recognize gestures.

To build a friendship, toys may ask specific questions about your children’s lives, in addition to "listening" to what they say as they play. That means that the toy manufacturer may have access to a wealth of personally identifying information (PII) about your child and your family, such as:

  • Your child’s name
  • You and your significant other’s name
  • Where you live
  • Much more. [1]

The dark side of connected toys

The sharing of all this information between your child and the toy manufacturer’s servers is problematic on multiple levels.

  • Potential hacking target—Toy manufacturers may be lax about security. For example, security researchers have found easy ways to turn smart dolls into listening devices using free apps. [2] They could also steal personal information directly from the servers that process and store data.
  • Marketing manipulation—Smart toys can be used to gather information about your child and your family for targeted marketing advertising purposes. Some manufacturers specify in user agreements that they can share information gathered through the device with third parties. And some toys are even programmed to endorse commercial products. [3]
  • Confusing terms of service and privacy agreements—Do you remember reading through the 6,000-word Terms of Service and privacy agreements with your parents before you played with your first doll or game? Kidding aside, the dense and confusing privacy and user agreements associated with smart toys can make it difficult to know what’s being tracked from day to day. [4]

Buyer beware

When your children are desperate for the latest popular toy, it can be hard to say no. But it’s worth thinking carefully before bringing a smart toy home.

Before taking the plunge, follow these three tips to protect yourself:

  • Research first. Google the product to look for red flags about security or privacy. Keep in mind that if the product is new or hasn’t become popular, you may not get a clear picture of the risks.
  • Educate. Talk to you children about what types of information are okay to share with the toy and ask them to turn it off when not in use.
  • Monitor. Keep an eye on how your child uses the toy and make sure it’s turned off during discussions that include sensitive family information.

[1] “These Toys Don’t Just Listen to Your Kids; They Send What They Hear to a Defense Contractor,” Consumerist, Dec. 2016.

[2] “This is Why Tech Toys are Dangerous,” Computerworld, Dec. 2015.

[3] “Connected Toys Violate European Consumer Law,” Norwegian Consumer Council, Dec. 2016.

[4] “These Toys Don’t Just Listen To Your Kids; They Send What They Hear to a Defense Contractor,” Consumerist, Dec. 6, 2016.

Copyright 2017 CyberScout