Thoughts from Lee Munson, security researcher at Comparitech.com following the news that US and EU data protection authorities need to take action against insecure networked toys.
“This Christmas, many parents may inadvertently invite their children into the Internet of Toys by buying them presents that double up as data collection and marketing devices.
“Perennial favourites such as dolls and robots have been updated with networking abilities that allow them to record what kids are saying, pass the information back to parent companies in other nations, and make references to affiliated products that their young charges will no doubt ask Santa to bring the following year.
“While this is certainly not the case with every toy on sale this festive season, and manufacturers are, largely, careful to state that they take both security and privacy seriously, it is a worrying trend, especially given the ‘when’ not ‘if’ that should be included in any discussion about a potential future data breach.
“Parents should therefore be very choosy about what they buy for their children and, as difficult as it is, should take the time to read associated EULAa and privacy policies before letting Carla or any other e-toy become part of their offspring’s play routine.
“Either that, or play it safe and put an apple and an orange under the tree (just be careful not to spoil them with the heat coming from the internet-connected fairy lights).”