Kids Smart Toys – An Open Invitation for Hackers?

Tis the Season!

The holiday shopping season is already upon us, and Christmas right around the corner. Parents, relatives, and friends around the world are looking for that perfect gift to put under the tree, and as has been the case for at least the past decade, the coolest gifts are those that run on batteries and light up. Even Santa knows that it’s smart toys season!

But this year, unlike in previous years, the gizmos and gadgets aren’t just available for grown-ups. Hundreds of kids’ smart toys are on the market, and if predictions are correct, they’re going to be the must-get gifts for kids all over the world. They’re fun and cool, of course, but like all other smart devices, they’re not without a few serious drawbacks.

Smart Toys Popular This Season

Sphero BB 8 Star Wars DroidIt’s estimated that a quarter of UK consumers will purchase kids’ smart toys as gifts this Christmas season. While gift cards for the Apple App Store and Google Play are always popular, there are a lot of toys and devices aimed specifically at kids.

There’s a lot of stuff that kids can control with apps, like race cars and robots in all shapes and sizes. These smart controllables do everything from simply respond to app commands to actually teach kids how to write code. There are loads of different options available, including several from Sphero like BB-8, the fun new droid in the latest installation in the Star Wars saga: The Force Awakens.

There are also mini drones for budding extreme photographers, as well as tablet-like devices that run Android but are geared toward little hands and little minds. There’s even a Hello Barbie from Mattel — a smart doll that can actually hold a conversation with its young owner. You’ve heard of the Internet of Things? Get ready for the Internet of Toys.

Internet of Toys – It’s All Hackable

dji droneLast month, the Intel Security Group released its annual list of the most hackable gifts for the 2015 holiday season. All the usual suspects were on the list, like smart watches, fitness trackers, tablets, and drones. However, lots of kids smart toys, apps, and gadgets were also included.

Security breaches are always a concern when it comes to devices, especially those that work via BlueTooth or wifi. Comprised data, identity theft, file corruption — they’re all real threats. With many devices, however, encryption and other security measures have been taken to prevent these breaches. However, the sad truth is that minimal thought is typically given to security on gadgets for kids.

Sure, there may be a few cursory security measures in place, like a simple password. But even then, the default passwords are typically something easy to guess, like 1234 or 0000. Most kids don’t know to change the password, and their parents don’t think to change it either, and that leaves those gadgets vulnerable to hacks and outside control.

VTech’s Hacking Troubles and Lessons Learned

VTech_logoUnfortunately, all of these concerns about hacks on children’s gadgets are no longer hypothetical. On November 14 of this year, VTech, a Hong Kong-based manufacturer of electronic learning products and devices aimed at kids and their parents, was the victim of a massive security breach. It affected both their Learning Lodge app store database and their Kid Connect servers.

While no credit card information was stored on the hacked entities, lots of other personal data was compromised — mostly contact information of parents, photographs of children, and download histories associated with the accounts. Also, the affected population was enormous: almost five million parents and over six million kids in more than a dozen countries, including the UK, France, Germany, the US, Canada, and others.

So, if you had been under the impression that children’s toys were safe from the infiltration of hackers, the VTech debacle proves otherwise. The company is now in the process of cleaning up a massive PR mess and reassuring its customers, which is something that no company wants to do. Additionally, some US Senators are now putting pressure on VTech, and the entire smart toy industry in general, to increase their security measures so that a breach of this magnitude never happens again.

There is one minor bright spot in this disaster, if you can call it that. The tech website Motherboard was actually able to score an interview with the anonymous hacker, who insisted that the purpose of the infiltration was simply to highlight security weaknesses. The hacker does not actually plan to do anything destructive with the data; it was only meant as a warning that data is vulnerable, and that the next time, the information obtained through a hack could be used in harmful ways. If you’d like to read more about Motherboard’s conversation with the alleged hacker, it’s available here.

5 Things Parents Can Do to Prevent Hacks

hello barbieThe big lesson learned from the VTech breach is that kids’ products are as susceptible to hacker attacks as any bank or major retailer. The latter businesses use high levels of encryption and security, and the manufacturers of children’s gadgets need to do so as well. For any business, a hack into their system could mean losing the trust and, more importantly, the business, of people all over the world.

While the responsibility for tighter security measures sits squarely on the shoulders of the companies and manufacturers, the parents of children who use smart toys need to be vigilant in terms of what they purchase and how they protect themselves and their children. Here are 5 things that parents can do.

  1. Change the default password on devices. Password protect everything you can, from phones to networks, and make those passwords hard to guess. If you’re using 1234 or 0000 as your password, you might as well not be using a password at all. Finally, change passwords regularly.
  2. Be extra careful when using public wifi hotspots. This mostly boils down to not making big purchases or conducting transactions of a sensitive nature on a network if you aren’t sure of the nature of its security.
  3. Turn off a device’s BlueTooth connectivity when it’s not in use. If the connectivity is off, you reduce the risk of outside control.
  4. Find out about the security and encryption on the gadgets you own. You can always ask the manufacturers directly.
  5. Keep your devices up to date with the latest firmware, operating systems, and app versions to make sure all of your security settings are up to date.

Make it a Teachable Moment

As much as we want to shield our children from the evils and wrongs in the world, that isn’t always the most helpful things for them. If kids are old enough to use gadgets and devices, then they’re old enough to understand that there are risks involved and that there are ways to use technology that are responsible and safe.

It’s a great teachable moment. Parents need to talk to their kids about the cyber risks that exist and work with them to implement the safety measures mentioned above. Lots of kids think that the internet is safe, so it’s important to alert them to the harsh reality of the virtual environment. That way, they’re one step ahead of any potential hackers out there.

Framed in a Larger Debate

Beyond all of the cyber security issues surrounding these smart toys, there’s a larger and ongoing debate about kids and electronics in general. It started with kids and television, moved on to kids and video games, and now includes kids and smart toys and social media. The gadgets may be getting more advanced, but the central question remains: is all of this technology harmful for kids?

There are the usual answers: interacting with technology too much leads to social isolation for kids. It can also lead them to confuse fantasy with reality and, in the case of violent video games, promote aggression and negative behaviour. There’s also the issue of screen time and eye strain, and the overall limitation of real life interactions. While the concerns regarding security and the latest devices are completely valid, they can also be viewed as yet another argument in favour of limiting tech time for kids and teenagers.

Should You Buy Tech Gifts For Kids?

Advising parents to avoid buying tech gifts for the children in their lives would be allowing the hackers to win. Parents should not be so afraid of a security breach that they raise their kids as Luddites — that’s as detrimental as allowing them to play first person shooters all day. So yes, if you’re planning on buying a gadget for the young person in your life, then by all means, go for it.

However, you should do everything in your power to keep yourself, your kids, and your technology safe. Protect yourself, and teach your children why and how they should protect themselves. This way, your children get to enjoy the fun toys that they’ve been hoping for, and we all do our part to raise the next generation of conscientious and responsible digital citizens.

There are no comments

Add yours