Best Connected Christmas Ever! Or Is It?

This Christmas season is shaping up to be AWESOME for electronics aficionados—largely thanks to Santa’s goody bag being filled with some of the most interesting connected toys and gadgets of all time.

I mean, who doesn’t want to get their young spawn some of the cool stuff on the shelves this holiday season? Think soccer balls that track your form when you kick them, a Star Wars First Order Stormtrooper Robot with AR and facial recognition features that will patrol an assigned area and alert you if there are any intruders, a mini-bowling ball you can steer with your face or kid-friendly wearable fitness gadgets that encourage physical play and movement. This is, in other words, the awesomest Christmas season ever if you’re a kid (or a cool geek) with indulgent, relatively disposable income-spending parents/friends/whoevers that like you.

But….sigh, time to throw a whole lotta humbug right over that irrational festive exuberance.

“Unsecured smart toys present serious risks to the children who play with them,” said Ryan Polk, Internet Society (ISOC) Policy Advisor. “You wouldn’t buy a toddler a toy that is a choking hazard. You wouldn’t buy a toy with lead paint. So you should make sure you buy smart toys that will keep children safe and respect their privacy.”

With holiday shopping season in full swing, the safety of connected gadgets and toys is in the full cybersecurity spotlight, as well they should be. Consider some recent events, as Polk pointed out: Hackers exposed the personal messages recorded to play through a smart teddy bear, strangers can send messages to nearby children by using a toy robot’s Bluetooth feature (I hear this is Roy Moore’s personal fave) and companies could be using a toy’s microphones not only for voice commands, but to also collect personal information to share with third parties.

The danger is especially piquant when it comes to connected toys for kids. Polk ominously framed the issue: “When your in-laws give your child a loud toy for the holidays, you know you are going to have to hear it for the next few months,” he said in a blog post. “But when that toy connects to the internet, how can you be sure that you’re the only ones listening?”

Errrr…so much for spirit of the season, there, Ryan. Thanks for remotely executing coal into my stocking. Coal injection…heh heh. Geddit?

Fortunately, there are several things parents can do to be smart when buying toys this holiday season, according to ISOC:

1.       Read the reviews. Consumer organizations and others review connected devices and toys as part of their buying guides. Mozilla and Which? Both released buying guides for smart toys this holiday season.

2.       Read the user agreement. User agreements should tell you what data a smart toy collects. They also should tell you who they share that data with. Will they send your child’s data to advertisers or other third parties?

3.       After you buy it, keep up with updates. Even if a smart toy is secure when you buy it, you have to keep up with updates to keep it secure. When buying a device, make sure it can be updated. Another factor to consider is how long the developer will support the device with updates.

4.       Ask yourself, does this need an internet connection or Bluetooth functionality? If you cannot tell if a toy is safe and privacy respecting, it may be better to buy a similar toy without the internet or Bluetooth functionality.

“Shopping smart doesn’t only keep you and the ones you love safer, but also helps send a clear message to toy companies,” Polk added. “Security and privacy are too important to be an afterthought. They must take a central role in designing any smart toy.”

Good advice. All I want for Christmas (besides a Star Wars Droid Inventor Kit, natch) is not to get hacked. Nor my kids to get hacked. Nor anyone, really, to get hacked (is Trump having a gold-plated virtual reality “alterno-facts” gadget that fetches news headlines made, I wonder?). So be aware, choose wisely and maybe we can all be cautiously festive about connected toys again. 

What’s Hot on Infosecurity Magazine?