I don’t know about you, but I feel that the best toys are tech toys and we’re not just talking about kids here. But we probably should focus on the kids since the newest and best toys this Christmas are high tech. Sorry moms – Mr. Potato head fell out of fashion about 50 years ago. Unfortunately just recently security researchers tested smart toys from several top brands including Mattel and Spinmaster and discovered that many if not most of these high tech toys that use Bluetooth or WiFi have major security vulnerabilities.
Here’s what you should look out for when shopping or before you open that battery powered who-knows-what your son, daughter, niece or nephew has been begging for:
- Some Bluetooth toys allow you to connect to them without a password. Well, think about it, if you can connect without a password, so can anyone else. From there, who knows what they can do with that toy. They could use the toy to control it or spy on you or your kids. Not good. For example, security researchers found that walkie-talkie devices of the same brand as that of the toy could be effortlessly paired and used to communicate with the child, from a distance of up to 450 feet away.
- Another flaw they found was that some toys required logging into certain websites for updates or downloading certain features. But, these websites were missing encryption and consequently exposed account and session data that could being intercepted by almost anyone. Furthermore, these websites often indicated whether a username or email address was already registered. While this sounds harmless, this could allow attackers to launch brute-force attacks to obtain registered usernames and email addresses which could then be used for spam, phishing and malware. Not good.
So what can you do about it?
Let’s be real here. The responsibility of keeping their product safe to use may lie with the manufacturer, but we as parents should check to make sure that the item we are purchasing is actually cyber-safe. A good place to start is to check the manual. Does it have sufficient language indicating the product’s security and privacy? If not, that’s a red flag. Even so, if you have already made your purchase and if you’re worried about security, try being old fashioned and use supervision while your kids are playing with the toy and when they’re done with it, turn it off. In fact, if you’re still nervous about it, go ahead and take out the batteries. Sometimes it’s just not worth the risk.
Stay safe out there.