IoT toys are more than fun and games. IoT Security vulnerabilities can potentially lead to a violation of children’s privacy and safety, the FBI warns.
Toys and entertainment devices for children are increasingly embracing IoT technology, especially those that learn and change behaviors based on the child’s interaction with the device. Now the FBI is warning parents that the cameras, microphones, GPS options and other multimedia capabilities pose an IoT security risk that could put their child’s safety and privacy at risk.
The agency says in its latest security alert that this is due to the large amount of personal info that could be collected and unwittingly disclosed.
How to keep your IoT devices secure
The FBI says given the lax IoT security on many devices, these toys and entertainment gadgets (or any IoT device) could be hacked and the data collected accessed to harm the child. The agency advises parents to chose IoT toys that can receive firmware and software updates, connect only to secure and trusted Wi-Fi networks and know where the data collected by the toy is stored. The FBI also shared the following security suggestions:
- Research for any known reported IoT security issues online.
- Research the toy’s Internet and device connection security measures.
- Use authentication when pairing the device with Bluetooth (via PIN code or password).
- Use encryption when transmitting data from the toy to the Wi-Fi access point and to the server or cloud.
- Research whether your toys can receive firmware and/or software updates and security patches.
- If they can, ensure your toys are running on the most updated versions and any available patches are implemented.
- Research where user data is stored – with the company, third-party services, or both – and whether any publicly available reporting exists on their reputation and posture for cyber security.
- Carefully read disclosures and privacy policies (from company and any third parties).
- Closely monitor children’s activity with the toys (such as conversations and voice recordings) through the toy’s partner parent application, if such features are available
- Ensure the toy is turned off, particularly those with microphones and cameras, when not in use.
- Use strong and unique login passwords when creating user accounts (e.g., lower and uppercase letters, numbers, and special characters).
- Provide only what is minimally required when inputting information for user accounts (e.g., some services offer additional features if birthdays or information on a child’s preferences are provided).
Not just fun and games
These suggestions also apply to any IoT device, not just toys and devices for children. If you suspect sn IoT device you own may have been compromised, file a complaint with the Internet Crime Complaint Center, at www.IC3.gov.