The FBI’s Internet Crime Complaint Center (IC3) issued a public service announcement earlier this week, warning parents of the privacy and safety risks associated with internet-connected toys. The advisory noted that smart toys and entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors based on user interaction. “These toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options,” the PSA read. Such features put children’s privacy and safety at risk due to the large amount of personal information that may be unwittingly disclosed, the agency said. Some toys have the ability to record conversations within earshot of the device, potentially collecting information such as the child’s name, school, likes, dislikes and other activities disclosed through normal conversation with the toy. Furthermore, companies also gather personal information when children create user accounts, including their name, date of birth, pictures and address. In the event that the sensitive information is exposed, the data could create opportunities for child identity fraud. In more extreme cases, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks, the FBI warned. Earlier this year, Germany banned the sale of an internet-connected smart doll named Cayla over hacking and data collection concerns. The country's Federal Network Agency also recommended parents destroy or disable the toy. Although the advisory does not mention specific toy makers, it urges parents to carefully examine toy company user agreement disclosures and privacy policies.
“Consumers should perform online research of these products for any known issues that have been identified by security researchers or in consumer reports,” the PSA read.
Other recommendations include closely monitoring children’s activity with the toys through the toy’s parent application, if the feature is available; ensuring the toy is turned off when not in use; and using strong and unique passwords when creating user accounts.