Connected Toys: Be Wary of Buying Christmas Gifts

By Libby Jane Charleston
on 15 December 2016

With Christmas just days away, there have never been so many choices for connected gifts; whether they’re wearables, connected toys or baby monitors.

However, while these gifts are lots of fun or practical, they can also be easily hacked by e-criminals or turned into a threat to consumers’ privacy.

Recently, a complaint was lodged with the US Federal Trade Commission over internet-connected toys recording and transmitting kids’ conversations in violation of privacy rules. In the past, some baby monitors have also been reported for hacks; in one case, a hacker was directly spying and talking to the toddler through the monitor.

On average, Australian households now have nine internet-connected devices. With the Christmas period coming up, more and more connected toys will be hitting retailers’ shelves, but parents should be questioning the security standards of these toys before making any purchasing decisions.

Nick FitzGerald, Senior Research Fellow at ESET has a few tips on why and how we should be taking the security of connected gifts seriously.

“Consumers should understand that as long as a device can be connected to the web or other devices and isn’t secured, it can be accessed stealthily and used to a cyber criminal’s advantage. If parents understand those risks but still want to go ahead, there are a few steps to optimising security levels,” FitzGerald said.

  • Check the privacy policy of the gadgets – Is your and your children’s data protected when entering information? For example, devices asking for addresses, names, phone numbers, and details about the children’s lives could also be available for hackers to access.
  • Check if the model or other gadgets of the same brand have had previous security vulnerabilities or privacy risks by searching for the brand name and those terms. Does your family want to risk being spied on? If not, maybe this gadget isn’t worth it. Or, if it still seems desirable, perhaps there are configuration options you can change to make them more secure – just remember to make those changes before you connect it to your home network!
  • If there are some requirements to being connected to the internet, double-check check your Wi-Fi connection is properly secured and install a strong password on the connected device if possible.
  • Get a proper security solution for all your devices. Via toys and baby monitors, hackers can also try to access your personal data through mobiles and tablets.
  • When not in use, turn the gadget off completely.

On connected devices:

When consumers receive a wearable, such as a fitness tracker or smartwatch, for Christmas they don’t always know the security policies of the relevant manufacturers, how to properly secure their devices, or how to control the amount of data they’re sharing with the rest of the world.

Some wearables use Bluetooth Low Energy (BLE), which transmits data but can also be intercepted by hackers – therefore potentially exposing a lot more information and fitness data from wearables than users would like. Scammers can also obtain compromised account credentials on the black market and then try username/password combinations on different systems to see if they work on a targeted website.

Additionally, if a wearable has to communicate with other systems in order to work, but those systems are not properly secured, the security of the device itself might be an issue.

“Although consumers have to admit there is an associated risk with using these kinds of devices, there are some cyber-hygiene rules to follow if they receive or offer such a gift for Christmas:

  • If you offer a wearable for Christmas, Google the name of it combined with the words hack, fraud or scam. This will help you understand any previous problems and help you make a more informed purchasing decision.
  • Once offered, set up your wearable and any associated online accounts with a unique username and password. These should be hard to guess – use passphrases instead of single words to optimise password security.

Related News

More WLT News