Connected Toys Can Breach Security

When shopping for the latest gadgets for your children this Christmas, be aware of some of the risks involved when buying connected toys.

Not many people would realise that when they buy a wearable, baby monitor or a WiFi connectable toy, that they are in fact, potentially exposing themselves to being hacked by e-criminals. Just last week, a complaint was lodged with the US Federal Trade Commission over internet-connected toys recording and transmitting kids' conversations in violation of privacy rules. In the past few years, many baby monitors have also been reported for hacks, the latest one in the US with a hacker directly spying and talking to the toddler though the monitor.

On average, Australian households now have nine internet-connected devices. With Christmas just around the corner many people are going out to buy the latest piece of technology for their friends and family members, but whilst getting the person what they want, they are also potentially exposing them to security issues. Any device that can be connected to the internet, has a Bluetooth signal, or be controlled remotely has a risk of being hacked. With the average Australian home having around nine devices connected to the internet the threat of your privacy and personal information being at risk is very real. Thankfully there are some things that you can do to protect yourselves and have the latest products.

Nick FitzGerald, Senior Research Fellow at ESET has a few tips on why and how we should be taking the security of connected gifts seriously.

“Firstly, consumers should understand that as long as a device can be connected to the web or other devices and isn’t secured, it can be accessed stealthily and used to a cybercriminal’s advantage. If parents understand those risks, but still want to go ahead, there are a few steps to optimising security levels” explains FitzGerald.

  1. One of the easiest things that you can do is to make your passwords more secure. You can do this by lengthening them, changing letters to numbers, include a capital letter, not re-using the same password over and over, and not keeping a list of the passwords that you use on your computer, instead try the old fashioned way of writing it down.
  2. Another thing that you can do to ensure the protection of yourself and the people you care about is before buying a new device for yourself or giving one to another person is searching the name of the device with the keywords ‘hack’, ‘glitch’ or ‘scam’ and seeing what results come up.
  3. Ensure that before agreeing to any terms of service or allowing apps or programs access to data on your phone you should carefully read through what data they would need access to, and whether they agree to not give provide your data to a third party. This would at least ensure that your data goes no further.
  4. When giving a new device to your children, make sure that you check what permissions the app wants access to as sometimes an app can request access to things such as your home address, phone number, bank account details and general information that about your private lives. As a rule of thumb it is not necessary to give away any information requested by an app that you wouldn’t want to give away to a stranger!
  5. When not in use, turn the gadget off completely.

Whilst many people would simply dismiss the easy access of a device as a threat, in reality it is a huge problem because once devices are accessed, any personal information can be breached. What’s even more concerning is how easy it is to gain access to the lines of code that can gather all of your personal information. In 2012 a 15 year old managed to hack into 259 companies over the span of 3 months just by using a few lines of code he found on the internet.

FitzGerald also explains that with wearables, such as with a fitness tracker or smartwatch, it is even more vital to protect your data. As wearers are not often sure what the security policies of the relevant manufacturers would entail, including how to properly secure the devices or how much of their own personal data they’re sharing with the rest of the world.

Some wearables use Bluetooth Low Energy (BLE), which transmits data but can also be intercepted by hackers. The threat is there to potentially exposing a lot more information and fitness data from wearables than users would like. Scammers can also obtain compromised account credentials on the black market and then try username/password combinations on different systems to see if they work on a targeted website.

Additionally, if a wearable has to communicate with other systems in order to work, but those systems are not properly secured, the security of the device itself might be an issue.

So when you are out this year buying your loved ones the latest piece of technology make sure to do your research so that you are best able to protect your private information.

FitzGerald advises, “Although consumers have to admit there is an associated risk with using these kinds of devices, there are some cyber-hygiene rules to follow if they receive or offer such a gift for Christmas”, and it’s always important to be security conscious in the age of connected devices.