The FBI has issued a warning to parents over the privacy and safety risks posed to children by the technologies featured in smart toys and entertainment devices. Often, these toys contain sensors, microphones, cameras, data storage equipment, speech recognition, and even Global Positioning System capabilities - all of which could spell danger.
Normal conversation with a toy or in the surrounding environment may disclose a child's name, school, likes and dislikes and activities, the Federal Bureau of Investigation said.
Use encryption when transmitting data from the toy to the Wi-Fi access point and to the server or cloud.
"Security safeguards for these toys can be overlooked in the rush to market them and to make them easy to use".
Since December 25, 2016 until the first week of January 2017, Spiral Toys left customer data of its CloudPets brand on a database that wasn't firewall protected, and a result, more than 800,000 emails and passwords were exposed.More news: Goat shatters glass door at Colorado business
Before purchasing a connected toy, parents should examine the firm's user agreement disclosures and privacy practices, and understand where data is sent and stored.
"The exposure of such information could create opportunities for child identity fraud". The FTC now says its enforcement of COPPA covers internet connected toys along with already covered websites and apps.
The FBI also raised concerns over the potential of hackers exploiting these toys to spy on users.
This includes researching for any known reported security issues online, connecting and using toys only in environments with secured Wi-Fi internet access and closely monitoring the children's activity with the toys.
The FBI's advisory comes amid growing privacy and security concerns over increasingly popular smart toys and internet-connected devices. Personal information (e.g., name, date of birth, pictures, address) is typically provided when creating user accounts. "In addition, companies collect large amounts of additional data, such as voice messages, conversation recordings, past and real-time physical locations, Internet use history, and Internet addresses/IPs", the agency explained.