Connected toys

Protecting kids from insecure devices and invasive online services – Kaspersky Lab official blog. Considering the sweeping regulations and laws meant to safeguard children’s privacy in particular, you might think electronic devices and connected toys for kids would be particularly safe and secure.

We generally regard children’s privacy as sacrosanct — kids are particularly vulnerable to advertisers, marketers, predators, and more. With each new data leak brought to light, it becomes ever more clear that we cannot trust manufacturers to take care of our security, or the security of our children. Let’s analyze a couple of examples to understand the nasty surprises smart toys can hold.

Spying

In December 2016, privacy advocates filed a complaint with the US Federal Trade Commission against Genesis Toys, producer of Cayla dolls and i-Que toy robots. The plaintiffs were quite clear from the start: “This complaint concerns toys that spy.” Let’s examine the elements of the claim:

Genesis Toys’ spying capabilities were sufficient cause for German regulators to ban their sales entirely.

Toys That Listen: A Study of Parents, Children, and Internet-Connected Toys. This post was written by Emily McReynolds, Program Director for the Tech Policy Lab at the University of Washington.

What do teddy bears, My Friend Cayla and Barbie have in common? They are all toys connected to the internet that can listen, overhearing what goes on in the home. Security breaches and the privacy challenges of these devices are regularly in the news. During the holiday season of 2015 Hello Barbie faced significant pushback from privacy advocates, and the companies involved, Mattel and ToyTalk, were responsive to concerns. This past holiday season a complaint was filed with the Federal Trade Commission over My Friend Cayla’s privacy failures and recently the doll was banned in Germany.

Describing them as Toys That Listen, our team at the Tech Policy Lab sought to better understand their privacy and security implications. More information about our work is available through conferences we have participated in.

Germany Issues Kill Order for a Domestic Spy—Cayla the Toy Doll - WSJ.

Hacking the playroom: How can children be safe and protected in the digital w... This year, the digital world will reach a significant milestone – Almost 50% of the world’s estimated 7.4 billion population will be online.

And, according to research by UNICEF Innocenti, one-third of these will be children. So what are the particular risks or harms that children face in an increasingly connected world? In this blog, children’s online rights expert Dr Rachel O’Connell will examine the issues through the perspective of recent reports about connected toys. She will then consider the new European Union data protection rules, which come into force in 2018 and how these and other developments might help to provide more security, privacy and safety.

Toys that talk and listen

As connected and smart toys are being utilised by companies as marketing tools, advertising, product placement and sponsoring are increasing. Cayla was also in trouble for failing to protect children’s data and privacy. To be clear…

Rights of the child.

Jrc105061_final_online.

Teddy bears involved in hacking 800,000 user records – IT Governance USA Blog. Teddy bears that send and receive audio messages via smartphones have become the center of a major security threat.

Spiral Toys, which manufactures the Internet of Things-enabled toy bears under its CloudPets brand, has left more than 800,000 customer records and 2 million audio recordings exposed. Spiral Toys held customers’ emails and passwords on a MongoDB database that was reportedly neither password-protected nor behind a firewall, leaving it vulnerable to attack. Moreover, the database had been indexed by Shodan, a search engine that makes it easy to find unprotected websites and servers. The voice messages were held on a separate Amazon S3 bucket. However, because the app and its users had such poor password practices, hacking into customers’ accounts and listening to saved messages would be relatively simple.

Password requirements

A “minimal issue”?

Spiral Toys went on to claim that there was no direct evidence that the information got into the hands of hackers.

Teddy bear spies.

Internet of Things Teddy Bear Leaked 2 Million Parent and Kids Message Recordings - Motherboard. A company that sells internet-connected teddy bears that allow kids and their far-away parents to exchange heartfelt messages left more than 800,000 customer credentials, as well as two million message recordings, totally exposed online for anyone to see and listen.

Since Christmas day of last year and at least until the first week of January, Spiral Toys left customer data of its CloudPets brand on a database that wasn't behind a firewall or password-protected. The MongoDB was easy to find using Shodan, a search engine that makes it easy to find unprotected websites and servers, according to several security researchers who found and inspected the data. The exposed data included more than 800,000 emails and passwords, which are secured with the strong, and thus supposedly harder to crack, hashing function bcrypt. During the time the data was exposed, at least two security researchers, and likely malicious hackers, got their hands on it. "They were very irresponsible."

Children's messages in CloudPets data breach.