'Toys to Life' Ups the Hacking Ante—But They're Cool

Smart toy sales will reach $2.8 billion in hardware and app content revenue this year, driven by the popularity of the console-connected ‘toys to life’ segment. That total will be supercharged by upcoming Black Friday ad Christmas holiday sales, according to Juniper Research. Consider it a gift-wrapped new cyber-attack surface.

With smart toys from the likes of Activision and Nintendo already enjoying a successful 2015, more recent offerings from Skylanders Superchargers, Disney Infinity and LEGO will push the sector’s sales to 136 million units, according to the firm.

LEGO’s entry into the market in September 2015 with its LEGO Dimensions videogame is a good example of the trend. It works like this: Dimensions comes with a physical pad that plugs into a console, and a video game that has 14 different worlds. Gamers place a minifigure or other object from a compatible, physical LEGO set on the pad, and that object is ported into the game—where users can play with the virtual version of the toy within the video game. Multiple movie franchises are of course already on board with this smart bricks evolution.

No doubt, the ultra-cool capability to “port” real-life objects into video games is a tantalizing thing for kids and adults alike (and imagine—the day is probably coming when you can even port yourself into the game—I imagine it like Tron, only…with better graphics).

By bridging the physical-digital divide, and leveraging the cloud to create interactive ‘intelligent’ toys, vendors like LEGO are able to capitalize on the console ecosystem—and in some cases, the mobile one. Some versions of the toys-to-life trend allow the ported object to pop up in synched mobile apps as well. Offering paid additional content for toys via the apps also will become of increasing importance to vendors as a revenue stream, naturally.

There’s also a great deal of synergy—read: engagement—to be had. “My children have already spent as much time playing with the LEGO minifigures and vehicles as they have playing the game,” said one Forbes reviewer. “In fact they have, at times, played the game just to access the next set of vehicles building instructions to make their next LEGO set.”

Countries such as the US, Japan and the UK are high-interest markets for vendors, owing to their highest on-average annual spend on smart toys per child—these playthings are not cheap, as you may imagine.

“Price is one of the biggest hurdles for consumers” noted research author Steffen Sorrell. “The smart toy carries a premium price at the moment, particularly those that connect to mobile devices, although we expect this barrier to lower somewhat by the end of the decade.”

And a key concern in all of this is—surprise!—security. Smart toys are a perfect conduit for accessing home networks—and children, for that matter.

 “When such devices connect with the cloud, they should definitely use HTTPS encryption for that communication,” said F-Secure’s Sean Sullivan, speaking to the Guardian. “You can build it secure, but eventually, somebody will find a bug. The key question is can it be updated to maintain its security? Will toy companies go to that expense?”

Juniper expects vendors to acquire third-party software expertise to avoid PR disasters caused by hackers.

Along with the concern that personal data will be lost, there’s a financial aspect to this too.

“Although toys don’t store financial data, passwords and the like, toys with direct internet connectivity should give parents pause,” Sullivan noted. And that’s especially true when it comes to offerings that enable in-app purchases.

So, parents, even though you and the kids may want to give your LEGO Star Wars the Force Awakens the VR treatment, just remember—everything that’s connected is a potential attack vector, so vet your toys-to-life purchases accordingly.

What’s Hot on Infosecurity Magazine?