Serious concerns have been raised over security issues that could lead to smart toy data breaches and children being at risk of contact from strangers or exposure to explicit content.
Consumer group Which? has reportedly identified serious security flaws in a number of smart toys that could lead them to being hacked or interfered with. They’re now calling on big name retailers like Amazon, Argos, John Lewis and Smyths to withdraw some “intelligent” and “connected” toys for sale this Christmas. They’re also calling on the government to introduce mandatory security standards for smart toy manufacturers.
We’ve talked in the past about the dangers of smart toys and the “Internet of Things” as greater connectivity opens more doorways for cybercriminals. In the run up to the festive season, the consumer group’s findings are set to cause justifiable concern.
Worries over smart toy data breaches
It’s worrying to think that children could be at risk from smart toy data breaches, and parents are right to be concerned by these recent findings.
There are worries over strangers contacting children via things like robots, karaoke machines and walkie talkies, and the obvious safeguarding risks that these concerns come with. It’s understood that a number of toys were tested, and it was found that some weren’t secure enough to avoid strangers being able to communicate with children.
A lack of authentication features and filters for some smart toys could allow messages and images to be uploaded to them via Bluetooth connections. There are also concerns with regards to a lack of strong passwords for online accounts linked to smart toys which could again lead successful hacks where platforms don’t enforce the use of strong passwords.
Response to the findings
According to Sky news, Which? had this to say with regards to smart toy data breaches and why there are major concerns:
“In some of the toys that we found, the major concern was that someone else could connect to the toy and actually start a two-way conversation with the child and this could be up to 200 metres away from the toy itself. This is quite concerning because parents might not always be around while their children are playing with these products, therefore not know what’s happening with the child and whether its communicating with anyone else – that can be quite dangerous.”
This is very worrying.
What’s being done about the problems raised?
Clearly, steps must be taken in order to avoid any incidents that could lead to smart toy data breaches. So far, some retailers have responded to the news and assured the public that products comply with applicable laws, and that work is being carried out to identify such issues.
But, as we often see with data breaches in general, there’s usually a reactive approach as opposed to a proactive approach. The warnings from Which? need to be taken seriously or we risk children being exposed to events that could cause considerable distress and / or the loss of control of personal and sensitive information.
We find that many of the people who contact us to make a claim for data breach compensation have been the victim of an entirely preventable incident. The trend must be changed to ensure that incidents are avoided as opposed to having to be dealt with. Manufacturers and retailers now have the chance to stop an event happening if they heed the warning from Which?