Children’s toys can spy on them through cameras, warns FBI

The agency says you should switch them off when they’re not being used

AATIF SULLEYMAN

The FBI has issued a warning about internet-connected children’s toys equipped with cameras and microphones.

The agency’s Internet Crime Complaint Center (IC3) division has told parents to be wary of them, and is advising consumers to carry out a series of checks before purchasing one.

It also says you should switch them off when they’re not being used.

Sensors inside the toys could put the privacy and safety of children at risk, according to the IC3, which specifically highlights exploitation risks.

As well as cameras and microphones, such toys could include GPS, data storage and speech recognition components.

“In some cases, toys with microphones could record and collect conversations within earshot of the device. Information such as the child’s name, school, likes and dislikes, and activities may be disclosed through normal conversation with the toy or in the surrounding environment,” it says.

The IC3 warning continues: “Personal information (e.g., name, date of birth, pictures, address) is typically provided when creating user accounts. In addition, companies collect large amounts of additional data, such as voice messages, conversation recordings, past and real-time physical locations, Internet use history, and Internet addresses/IPs.

“The exposure of such information could create opportunities for child identity fraud. Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.”

The data collected from children’s interactions with such toys can be sent to the manufacturer and a third-party company responsible for the software.

“Voice recordings, toy Web application (parent app) passwords, home addresses, Wi-Fi information, or sensitive personal data could be exposed if the security of the data is not sufficiently protected with the proper use of digital certificates and encryption when it is being transmitted or stored,” says the IC3.

Earlier this year, an official German watchdog told parents to destroy an internet-connected doll because hackers can use it to spy on children.

My Friend Cayla was found to be equipped with an insecure Bluetooth device, which cybercriminals could hijack, in order to steal personal data and listen and talk to the child playing with it.

The IC3 has published a list of checks for people to perform before buying internet-connected toys, which includes staying up to date with software updates and switching toys off when they’re not being used. The full list can be found here.