The announcement warns consumers that they should consider potential cybersecurity concerns before introducing smart toys – interactive toys that are connected to the Internet – into their homes. The sensors, microphones, cameras, and tracking capabilities incorporated in many of these toys and devices, says the agency, could put the privacy and safety of children at risk.
Of particular concern is “the large amount of personal information that may be unwittingly disclosed” – not only from user interaction with the toys themselves, but also from activity that takes place in their vicinity. For example, built-in microphones could record and store conversations that take place within “earshot” of such a device.
“The collection of a child’s personal information combined with a toy’s ability to connect to the Internet or other devices raises concerns for privacy and physical safety, says the announcement. “The exposure of such information could create opportunities for child identity fraud. Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.”
Key vulnerabilities cited in the announcement are the cybersecurity measures used by the toy – and potential third-party companies – in the transmission and storage of collected data. Data containing personal information could be exposed if it “is not sufficiently protected with the proper use of digital certificates and encryption when it is being transmitted or stored.”
In order to minimize such risks, the agency advises consumers to carefully examine toy company user agreement disclosures and privacy practices, as well as research online for any potential known issues with the Internet-connected toy(s) they may be considering purchasing. Among a checklist of suggested actions, the FBI recommends consumers research the toy’s Internet connection security measures, how it updates its firmware/software, and where it stores its data.
In addition, says the agency, consumers should closely monitor children’s activity with the toys – ideally with a toy’s partner parent application if available – as well as ensure the toy is turned fully off when not in use. Other measures include using strong passwords and providing minimal personal information when creating user accounts.
Google patents connected smart toys that listen, speak
Smart home security ‘woefully inadequate’ says report
Consumers on IoT: Sounds good, but security concerns
Connected devices poor on privacy finds global IoT sweep