Technology Toys are Popular Gifts that are also Vulnerable to Hacking
Parents Should Take Precautions to Ensure Toys Properly Operate and Shutdown
As part of its seven-part consumer alert holiday series, the New York State Division of Consumer Protection (DCP) is today alerting parents and families that Bluetooth and technology-enabled toys may be fun for families to interact with this holiday season, but these toys are also easy for hackers to access and manipulate for nefarious means. When children’s products, such as smartwatches, smart toys and gaming devices, are tested for vulnerabilities, results show exposures with microphone and camera access in sleep mode, Bluetooth connections without authentication, access to location information and conversation eavesdropping.
As children interact with technology-enabled and connected toys, usage and personal information (like location) is continuously uploaded to company servers. Once a toy is vulnerable to a hack, that information can be easily accessed and collected. Additionally, when toys allow children to search and access the web, the toy can effortlessly misdirect children away from age appropriate sites.
“Toymakers are in the business of making toys, not technology,” said Secretary of State Rossana Rosado, who oversees the New York State Division of Consumer Protection. “Making toys fun and easy to use often means technology and security take a back seat. New York families need to take extra precautions, especially when children are 35 times more likely to fall victim to identity theft.”
Steps to make technology-enabled toys safer:
- Research complaints. Parent blogs, social media, and security company websites often sound the alarm well before news stories hit. Check for known security issues before considering a purchase.
- Turn it off. When a child is done playing with a toy or leaves it, make sure the toy is first disconnected from the internet and then turned off. When toys remain connected to the internet in sleep mode, your personal privacy and information can still be accessed.
- Supervise. When children are playing with technology-enabled toys, watch their interactions closely to understand how the toys work and quickly identify when something is not right with a toy.
- Secure WiFi. Never use technology-enabled toys on public WiFi. Hackers gain easy access to the toy and can use it to capture other protected information in the home.
- Strengthen passwords. Make sure your passwords are unique and updated regularly. Try using a passphrase instead of a password and include special characters and numbers. If it’s difficult to remember so many passwords, try a password manager with multi-step authentication to manage your passwords.
- Use parental controls. Many toy companies claim they want to protect your child’s information. See which companies offer the option to delete your child’s information and select that option. Also, understand what settings are defaulted when you use the toy and what additional settings you can adjust to further protect your child.
- Read the policies. Companies are beginning to specify what information they store and share. Read the long policy documents to see what information is stored and what is used only for sign-up and then deleted. If this information is not clear, consider choosing another product.
- Follow your data. Interactive toys may store data locally or in the cloud. Toys that do not connect regularly to the internet are less connected and less likely to be hacked. Either way, check whether toys can have data deleted or better still, reset to factory settings, before passing it on to another household.
- Enter an alias. If setup requires additional information, provide a different name or nickname, birthdate and other important information. If the toy is hacked, this decreases the chance of child identity theft.
- Educate. Technology is here to stay. Toys can provide an opportunity to talk with kids about staying safe online. For ideas, check out Common Sense Media: https://www.commonsensemedia.org/privacy-and-internet-safety.
- Stay offline. Old-fashioned games, books and puzzles are making a comeback. Consider a family game night – without gaming consoles!
If you believe your child’s toy was hacked, report it to the Internet Crime Complaint Center.
For more information on Child Identity Theft, visit the Division of Consumer Protection website.
The New York State Division of Consumer Protection provides voluntary mediation between a consumer and a business when a consumer has been unsuccessful at reaching a resolution on their own. The Consumer Assistance Helpline 1-800-697-1220 is available Monday to Friday from 8:30am to 4:30pm, excluding State Holidays, and consumer complaints can be filed at any time at www.dos.ny.gov/consumerprotection. To view consumer alerts, consumers can visit https://www.dos.ny.gov/about/newsroom.html. The Division can also be reached via Twitter at @NYSConsumer or Facebook at www.facebook.com/nysconsumer.