Toys in 2017: Batteries (and Cybersecurity) Not Included


Gone are the days of making explosion and fighting noises while playing with toys. In the age of the internet of things, even children’s toys are connected to the internet and often have companion applications. 

The popular Netflix Inc. series “Stranger Things” is filled with 1980s nostalgia, including landlines with bungee phone chords, a boombox with a cassette deck, and kids deep into Dungeons & Dragons role playing.  If the series were set in 2017 instead of 1983, lead frazzled mom Winona Ryder might be playing Pokemon Go on her mobile phone, music at house parties would flow from Bluetooth speakers, and Dungeons & Dragons would be played on IoT devices instead of a on a gameboard.

Web-connected smart toys offer amazing possibilities, but many of these toys also bring potential privacy and security peril for children from geolocation sensors, microphones, cameras, and other multimedia capabilities. 

The FBI recently urged consumers to research privacy and security measures in toys, and carefully read their privacy policies and data use disclosures. In particular, the FBI recommended making sure that toys can receive software updates and security patches. “If they can, ensure your toys are running on the most updated versions and any available patches are implemented,” the FBI said.

After buying internet-connected toys, the FBI recommended that consumers closely monitor children’s activities and usage of companion apps, make sure the toy is turned off when not in use, and only connecting to secure Wi-Fi networks. 

Industry professionals and member of Congress share the FBI’s concerns. Privacy attorneys told Bloomberg BNA that web-connected toys pose serious privacy risks for children and that the Federal Trade Commission will likely focus more enforcement attention in that area. In December last year, Sen. Bill Nelson (D-Fla.), ranking member of the Senate Commerce, Science & Transportation Committee, unveiled a report warning parents about the privacy risks associated with internet-connected toys.
In 2015, hackers infiltrated the official Hello Kitty fan website and stole the details of 3.3 million users, including young children. The Hello Kitty hack came on the heels of millions of accounts for the electronic children’s toy maker VTech, and the discovery of a many security vulnerabilities in the internet-connected “Hello Barbie" toy.

But not all children may be defenseless against cybersecurity threats. In June, the Girls Scouts of the USA announced a series of 18 cybersecurity badges that will be available starting in 2018. Now, Girls Scouts will be able to sell delicious cookies and also know how to delete tracking cookies

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.