Nowadays, it is not surprising to hear that a lot of devices are having vulnerabilities, especially the IoT devices. However, you may not know that the connected toys for children are also having a lot of security flaws. Among these security flaws, the lack of authentication for device pairing is one of the big problems. It is necessary to understand the danger these vulnerable toys can bring to kids before you shop a connected toy for children in this holiday shopping season.
Inside the FBI: Internet-Connected Toys Pose Security Risks
Last year parents have been warned to avoid buying “smart toys” after the extent of their security vulnerabilities and data-sharing was revealed.
“An investigation by The Times found that almost two thirds of popular connected toys shared data with third parties such as advertising companies, and in 28 per cent of cases the makers did not say whether children’s data was protected by encryption.”
Internet Connected Toys Pose Security Risks:
In the research done recently, smart toys from some top brands such as Mattel and Spinmaster were tested for cybersecurity issues. Among the tested smart toys, missing the authentication for device pairing is the most popular problem. This is a big problem as it can make sure the smart toy is connected to a legitimate as well as a trusted source. The lack of authentication will lead to an open to a variety of attacks, and it will absolutely endanger the kids.
Other than the lack of authentication for device pairing, there is another flaw found in this research. The websites used for updates or downloading certain features in these smart toys were missing encryption and exposing the account data. It this case, hackers can intercept the smart toys and steal personal information from the users. In addition, as the websites would indicate if a username or email address was already registered, attackers can launch brute-force attacks to gain access through these registered usernames and email addresses.
Internet-connected toys raise privacy and safety concerns
Therefore, a fix on these vulnerabilities is necessary and urgent. Fortunately, one of the smart toy manufacturer Singing Machine responded to this issue that,
“Safety is a top priority with every Singing Machine product produced, as demonstrated by our 37-year history without a product recall. We follow industry best practices as well as all applicable safety and testing standards”