What did you get for Christmas? More to the point, what did your child find under the tree on Christmas day? And whilst they’ve been playing with it, are you sure they’re safe? With Wi-Fi connected toys topping the list of Christmas gifts for children, AVG’s Tony Anscombe explains why parents need to consider the security implications and how connected they want their child to be.
Consider Online Gaming Safety
Many parents will have noticed the invasion of talking (and listening), ‘artificially intelligent’ (AI) toys hitting the shelves this holiday season. Once inanimate, mute objects on which we had to project personalities, movement and more, the latest high-tech toys are increasingly learning to think for themselves – with sometimes worrying consequences.
Hello Barbie, Goodbye privacy?
One of the most talked about recent examples of such a toy is Barbie. The beloved companion of many, Barbie recently became more interactive than ever with the introduction of a smartphone app that connects Barbie to your Wi-Fi network allowing her to listen, reply and learn over time. Much like Siri or Cortana, Hello Barbie has an in-built microphone and, through a server in the Cloud, uses voice recognition software and artificial intelligence to understand what is said to the doll and then selects an appropriate response. Learning as she goes along, Barbie mimics a real life friend by remembering details that she can drop into future replies.
While this might be every kid’s dream, it’s likely to be a real cause for concern for the more privacy and security conscious parents among us. Consider this attention-grabber from the Guardian for starters:
“Security researcher warns hackers could steal personal information and turn the microphone of the doll into a surveillance device.”
Scary thought. As with any connected device, the debated risk is that Hello Barbie could offer an easier in for hackers attempting to infiltrate your Wi-Fi network. While ToyTalk which manages the toy’s Cloud connection emphasises the security measures it has taken, security researcher Matt Jakubowski, discovered the doll is vulnerable to hacking when connected to a Wi-Fi network. Jakubowski accessed the doll’s system information, account information, stored audio files and gained direct access to the microphone.
On top of their security concerns, parents might also wonder what is happening to the data being captured as their child chats away to Barbie. Is it being stored anywhere? Is anyone listening to it? Will your child end up being bombarded with advertising for other talking toys? According to ToyTalk, it does share recordings with third-party vendors, but only to improve their products.
The need to consider the security and privacy implications is further highlighted by the recent data breach of five million customers’ details, announced by toy maker Vtech. While the data did not include credit card details it did reveal names, email addresses, encrypted passwords, secret Q&As used for password retrieval, mailing addresses and download history. Worryingly, the BBC reported that this may even have included children’s pictures, chat logs and audio recordings of conversations between children and parents.
Talking teddies increase hours online
It’s not just the privacy and security implications that we should be worried about, either. As more and more ‘soft toys’ tap into the current trend for connectivity and AI, the more time our children will end up spending online. According to recent research carried out by AVG, one in six (16%) 4-6 year olds in the UK are spending up to six hours online every day, clocking up a massive 2,190 hours each year. That’s three times higher than the UK average of two hours a day for children aged 4-16.
But, what are they doing for all this time? According to the research they’re splitting their time between playing online games (25%), watching videos on YouTube (40%) and using apps (16%). In addition, two thirds of today’s children already have one to two smart devices of their own by the time they are six – a number that ignores the emerging connected toy category completely.
With key functionalities of these toys dependant on features such as Wi-Fi connectivity, voice recognition, data collection and apps integration, parents must recognise that the toy they are handing their child is a connected device – and treat it in the same way as a tablet or smartphone.
Does this mean limiting soft toy ‘screen-time’, supervising them whilst they play or ensuring the correct security and privacy measures are in place to safeguard them and their new playmates. As parents we need to ensure our kids can play safely online – whether they’re ‘logging on’ with a tablet or teddy.
Tony Anscombe is an Online Security Expert at AVG Technologies.