The Latest Hack is Targeting Your Kids’ Smart Toys

You may be worried about identity thieves hacking your online accounts to steal credit card information. Did you know they can also hack into your child's toys?

Yes, that's right. Toys that connect to WiFi or Bluetooth could pose a threat allowing thieves or strangers preying on children to gain access to their personal information or even talk directly to your children.

A recent report by Which?, the largest independent consumer body in the U.K., showed that several toys on the market have security vulnerabilities, including the Furby Connect, I-Que Intelligent Robot, Toy-fi Teddy, and CloudPets cuddly.

These toys were all found to allow adults to remotely take control of the toy and communicate with a child because they feature unsecured Bluetooth connections, so you are not required to supply a password or PIN to gain access to the device.

Also, as the toy interacts with the child, some save responses on the cloud and that information can be accessed through a portal parents use to hear and share their child's interactions with the toy. This poses a threat especially if a company is breached as that personal information may be compromised. (See also: How to Stay Safe with Connected Devices)

While just a few toys out of the thousands available were studied, the topic of connected toys has surfaced on the radar of security organizations around the world, including:

  • The Federal Bureau of Investigation, which released a consumer alert to parents about connected toys in July.
  • The U.S. Public Interest Research Group, which named a smart doll to its annual "Trouble in Toyland" report that calls out unsafe toys.
  • Germany's Federal Network Agency, which classified the My Friend Cayla doll an "illegal espionage apparatus," meaning retailers could be fined if they failed to disable its wireless connection before sale.

While connected toys are becoming popular, it's not worth allowing someone to gain access to your children, even if it's just through the voice command. And consider this, sometimes it is the simplest and most basic of toys or items that can spur the learning and excitement you seek in a good toy.

So mix up the kind of toys you offer your child and don't feel pressured to get the latest and greatest gadgets.

If you already have some toys that may be vulnerable, what can you do? Make sure your home WiFi network is secure and turn off the toy when it's not in use. Also, do not ever connect it to public or unsecured networks.

The FBI's consumer notice suggests parents also do the following:

  1. Research any known security issues with the toy.
  2. Look into the toy's internet and device connection security measures.
  3. Use authentication when pairing the device with Bluetooth, such as a pin or password.
  4. Stay up to date with any manufacturer security update or patches as well as any software updates.
  5. Investigate where the user data is stored, with the company, a third-party source or both.
  6. Closely monitor your child's activity with the toy.
  7. Use strong and unique login passwords when creating user accounts.

These days, it is imperative parents proactively protect their children's identities and personal information. So in addition to watching out for connected toys and monitoring the social media activity of older children, you may also consider an identity theft protection product such as Experian's IdentityWorks which has a family plan that will monitor two adults and up to 10 children.

Editorial Disclaimer: Opinions expressed here are author's alone, not those of any bank, credit card issuer, or other company, and have not been reviewed, approved or otherwise endorsed by any of these entities. All information, including rates and fees, are accurate as of the date of publication.
Sign up for helpful tips, special offers and more!
You're signed up!
Our system is undergoing maintenance and will be available again soon.