Something New to Worry About: Connected Toy Security
by Bree Fowler, Associated Press
Your smartphone or tablet is most likely pretty secure — not perfect, maybe, but generally unlikely to be hacked or to store, say, your email where other people could read it.
The same can’t be said for any Internet-connected toys you may have purchased for your kids. Recently discovered security flaws in a pair of such toys highlight just how badly the toy industry has neglected such problems, theoretically exposing kids to online threats.
While major crimes teeming from the hack of a connected toy haven’t yet surfaced, some experts argue that it’s only a matter of time.
Kids “aren’t expected to be Internet security experts and neither are their parents,” said Tod Beardsley, security research manager for Rapid7 Inc., the Boston-based cybersecurity firm that published the toy-security research on Tuesday.
Rapid7 researchers examined the Fisher Price Smart Toy, an interactive stuffed animal for children aged 3 to 8 that connects to the Internet via Wi-Fi. They also took a look at HereO, a GPS smartwatch that allows parents to track their child’s location. In both cases, they found that the toys failed to safeguard children’s information such as their names and in the case of the watch, their location, storing it on remote servers in such a way that unauthorized people could access it by masquerading as legitimate users.