FBI issues warning about ‘smart toys’ and info they collect

WASHINGTON (WBTW)– The Federal Bureau of Investigation has issued a warning about ‘smart toys’ directed at children.

These types of toys include ones that use voice-recognition software, contain sensors, microphones, or cameras, or can be connected to the Internet.

“These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed,” the FBI said in a press release last week.

Information like the child’s name, school, and activities may be recorded and can put your child in danger of exploitation, or at risk of identity fraud.

The FBI says parents or family members should review the toy’s company user agreements and privacy practices. It is also important to look into if data is collected through the toy and where it is sent and stored, even if it is sent to third-party services.

“The cyber security measures used in the toy, the toy’s partner applications, and the Wi-Fi network on which the toy connects directly impacts the overall user security.” The press release says.

This means the communication connections between the toy, Wi-Fi access points, and internet servers are at risk of hackers exploiting the toy or listening in on conversations.

Bluetooth-connected toys also are at risk of hacking, especially if the toy does not have PINs or passwords when pairing with mobile devices. This could allow for communication with a child, the FBI warns.

“It could also be possible for unauthorized users to remotely gain access to the toy if the security measures used for these connections are insufficient or the device is compromised.” The press release says.

So, what should you do?

The FBI has listed suggestions for what parents or family members can do to ensure the safety of the child when using the toy:

  1. Research the toy and find out about any known reported security issues online.
  2. Only connect and use the toy in environments with trusted and secure internet access.
  3. Research the toy’s connection security measures.
  4. Use a PIN or password when connecting to a Bluetooth device
  5. Use encryption when transmitting data from the toy.
  6. See if the toy receives firmware or software updates and patches, and ensure the toy is using the most updated version.
  7. Find out where the user data is stored (with the company, third party services, or both), and see if any public information is available on their reputation and cyber security.
  8. Carefully read disclosures and privacy policies.
  9. Monitor the child;s activity with the smart toys.
  10. Make sure the toy is turned off when not in use, especially if the toys use microphones and cameras.
  11. Create a strong and unique login password when creating user accounts.
  12.  Provide minimal information when inputting information for user accounts.

If you worry your child’s toy may be compromised, you are asked to contact the Internet Crime Complaint Center, at www.IC3.gov.