This week we’re talking about . . . toys that spy on you

Forget about nanny cams – start looking a little more closely at your child’s ‘smart’ toys

Seeing the bigger picture: “smart” toys are sometimes at risk from hacking. Photograph: iStock/Getty Images

Seeing the bigger picture: “smart” toys are sometimes at risk from hacking. Photograph: iStock/Getty Images

 

Say what now?

Exactly.

No, really. What are you talking about?

All those connected toys that seem so clever, responding to your child’s chatter. You know, like My Friend Cayla, or last year’s Hello Barbie. The toys use voice recognition, but none of that happens inside the toy – it’s sent off to the cloud, translated and sent back to the doll in rapid time. Experts have warned that connected toys could be hacked, putting your child at risk.

How exactly could they be hacked?

We’re not experts on My Friend Cayla, but people who claim to be knowledgeable on these things say that Cayla connects to your tablet or smartphone over unsecured Bluetooth. The problem there is that if your phone can connect to it, so can complete strangers in range of it.

Is this a new thing?

The hacking? No. There have been warnings about the security risks of these toys for more than a year now. Last year, researchers hacked into Cayla, describing the doll as a Bluetooth headset dressed up to look like a doll. Random pairing, man-in-the-middle attacks – there were more than a few things that raised security eyebrows. Particularly the Android app, which could be modified to make Cayla say some distinctly unchild-friendly things.

Toys are becoming increasingly “smart”. Take this year’s Furby, the Furby Connect, which connects to an app on your tablet via Bluetooth. Strictly speaking, it doesn’t need to connect to your tablet for anything except software updates, but it adds an extra dimension to play (a rather annoying one, mind you), including increasing your Furby’s knowledge of viral videos. Do you need it? No. Is it fun? Eh . . . for kids, yes. But there are other toys that rely heavily on some sort of wireless connection to function properly. Mix that with lax security and you might have a problem.

The moral of the story is: toy makers, buck up your ideas.

Is it likely to happen?

Never rule anything out. There were some very surprised – and rightly freaked-out – parents who realised that their internet-connected baby monitors were vulnerable to being hacked by outsiders a couple of years ago. So the general rule of thumb should be if it has a wireless or Bluetooth connection, proceed with caution and follow all the security protocols you can. Anything that can be connected to the internet or a wireless is potentially vulnerable to being hacked. And while companies can take all the steps they feel are necessary to prevent that from happening, or at least minimise the risk, all it takes is one tiny chink to take advantage.

There is another angle to consider. All those voice samples that are sent to the cloud to be analysed are subject to certain data protection regulations, but that’s a minefield and one that is changing all the time. And who reads the privacy policies that come with these devices? We’re betting not many people. (If you want to freak yourself out with exactly what Google knows about you, including listening back to some voice samples that Android captured, read more here.)

So what should I do then?

Read the fine print carefully. Be aware of the risks. And if in doubt, don’t connect the toy – although, for some of them, that would entirely defeat the purpose.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.