Smart toy security: How to keep your kids safe this Christmas

Christmas is coming, and so are the smart toys. The ever-present pandemic has meant a lot more staying at home this year. Videogame playing has increased considerably, because why not? Screentime for kids has gone up, because again, it’s bound to. It hasn’t brought about the end of civilisation and the kids are still alright.

You’d expect a big surge in smart/IoT toys all over the place given the current mood. However, there seem to be very few toys like this in the various “top Xmas toy gift” lists currently. I’ve yet to find an internet-connected Baby Yoda, or a big brand doll acting as a Wi-Fi hotspot. Having said that, similar toys do exist, will be bought, and at least a few random gifts will be in the news next year for all the wrong reasons.

With this in mind, here’s how to keep smart toy security top of your Christmas list, and keep your kids safe from harm.

How to improve your smart toy security this Christmas

  1. Read product descriptions thoroughly. If they link to EULAs, read them. If they mention internet connectivity, find out what specifically the toy needs it for.
  2. Consider these questions. Does it plug into a database, and if so, for what purpose? Does it do facial recognition, and is it storing your child’s image outside of the device? Is it saving data like name, address, age? Where is the data stored, and is it secure? Does the company purge everything on a regular basis, or does it hang onto it for a while? How long? If the answer is “indefinitely”, is there some sort of data protection law it falls under which allows you to request deletion yourself?
  3. Watch out for “faux” connectivity. There are a lot of toys which imply internet features, but merely present that as a kind of façade for the kids. Cameras/recorders exist which present themselves as kids making their own social media styled clips, but everything stays on the device and associated USB cards. It’s just the kids having fun, maaan. If in doubt then, as above, have a dig around for EULAs or additional product information. Worst case scenario: if it has connectivity, you’ll still need to go dig out internet options, punch in your router code, and so on. This is probably beyond your toddler, though mileage will vary depending on how many years’ use you expect to get from the device.
  4. Security may be an afterthought. We’ve probably all heard the horror stories about cheap devices, knocked out with no security functionality whatsoever. Even with privacy policies and safety assurances, you may wish to limit how much data is exposed either way.
  5. Advertisements and data collection are probably more of a gaming/tablet concern than random physical toys. This is almost certainly somewhere at the bottom of the “Things I should be concerned about” list. You may well take a totally different approach if said ads and tracking are tied to digital games, of course.
  6. What websites/portals are tied to the toy? Often, we see non-smart toys promoted with cool rewards and gifts should you sign up to their official website. Treat those sites with caution. There may be questions over what data they’re collecting, how they store it (similar to data beamed to servers by smart toys), whether or not the website uses SSL and so on. Kids’ sites could be hot targets for scammers in December, so ensure you visit with your full complement of security software in full operation.
  7. Your smart toy may need software updates, especially to ward off potential security threats. If it gets them, that’s great! However, keep in mind that support for most devices is limited. Even major software is eventually put out to pasture by the biggest corporations. Your child’s cuddly talking robo-toy won’t be supported forever. Once that happens it could be vulnerable to future attacks or old exploits which were missed first time around.

Have fun but be sensible

There is absolutely a risk from smart/IoT toys, and IoT products generally sell well over the holiday period. They’re a big deal. Having said that, there’s no need to panic. If you’re in the market for some fun smart toy action, do your usual fact finding before the purchase. Scour reviews, see what the toy does, check for any server-based antics, and make an informed decision.

Keeping your kids safe from products which spend all their time in their room has to be a priority above everything else.

We wish you a safe and entirely pleasant toy time this Christmas.

The post Smart toy security: How to keep your kids safe this Christmas appeared first on Malwarebytes Labs.