Science and Tech


Internet-Connected Toys Are Prone To Hacks And Pose Privacy Issues

As internet-connected toys become more common, they pose a potential problem: The personal information they collect can be hacked.
Posted at 2:27 PM, Dec 14, 2017
and last updated 2017-12-14 14:27:12-05

If toys are on your holiday shopping list, make sure they can'tbe hacked.

Connected toys are becoming more popular. They can call kids by name and can even remember likes and dislikes. This might seem like magic to children, but it's actually a highly technical computer system constantly recording and storing data about the people around it.

And most toy companies can legally do this — as long as they clarify they're doing it, even if it's muddled in legalese. For example, Mattel's privacy policy for its talking Barbie says the company can collect and share audio recordings to improve its voice recognition technology.

That data, including emails and selfies, can also end up in insecure places. For instance, hackers held the company behind CloudPets for ransom after finding more than 820,000 customer credentials on a database with no firewall or password-protection.

Some consumers aren't aware they're under surveillance, while others never find out their data was compromised. One study found most kids don't know other people can hear what they said to a connected toy. And in the CloudPets case, users weren't informed of the hack for at least two months.

But governments are putting safeguards in place to protect consumers. Earlier this year, the Federal Trade Commission said connected toys must comply with the Children's Online Privacy Protection Act. And German officials pulled a connected doll from shelves after they found it could be used to steal data.