Some smart toys have dumb security flaws

The high-tech toys parents buy for their children may be costing them their privacy and safety. Some toys have shown vulnerabilities, putting parent's and children's information at risk.
Feb 08, 2016

390 views   |   1 shares
  • The high-tech toys parents buy for their children may be costing them their privacy and safety.

  • The new "smart toy" industry, or toys that connect to mobile apps and wireless networks or store digital information, was an estimated $2.8 billion industry in 2015, according to Juniper Research. Toys like Mattel's Hello Barbie, Fisher Price's Smart Toy teddy bear, HereO GPS watch and several VTech devices have either been hacked or showed serious signs of vulnerability and possibility of security breach. This means information about children and their parents, including the whereabouts of their kids, could be out in the open.

  • VTech Holdings Limited announced on their website a breach of the Learning Lodge App database containing customer information last fall.

  • "Our customer database contains general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history," the announcement read.

  • The tech website Motherboard had an expert review the breach. According to an article reporting on the hacking, the stolen information "also includes the first names, genders and birthdays of more than 200,000 kids" and that "it's possible to link the children to their parents, exposing the kids' full identities and where they live."

  • The HereO GPS watch, advertised for kids 3 and up, says on their website it allows parents to "keep track of their young children's whereabouts at any time directly on their smartphone." Through the app, users can add other family members into their network. But according to research done by Rapid7 Community, due to inadequate protection, someone could "add their account to any family's group, with minimal notification that anything has gone wrong." This would allow the person with access to know "every family member's location, location history and be allowed to abuse other platform features as desired."

  • Advertisement
  • After Rapid7's analysis, HereO issued a press release announcing the loopholes had been resolved. Fisher Price also fixed bugs reported by Rapid7 in their Smart Toy teddy bear.

  • Similar concerns were raised over Hello Barbie's ability to listen and respond to a child and how the doll sends and receives information over the internet. According to a different Motherboard article, researchers uncovered "several flaws that could have allowed hackers to spy on children's conversations with the doll." These bugs were also fixed, said Motherboard.

  • Smart toys like these are rising in popularity. Juniper Research said smart toys are "emerging as the key market for toy vendors."

  • In the Motherboard article about Hello Barbie, a researcher from the security firm Bluebox Labs, Andrew Blaich, encouraged parents to be extra careful with these types of smart toys,

  • "As more and more stuff is connected to the network and we're sending more stuff to servers that we don't know where they may be located and what sort of security is on them, the best advice for parents is to be careful and be aware of what information they're sending through internet connected devices," said Blaich.

Want uplifting and insightful stories in your inbox?

Share with your friends!

Nick received a Bachelor's Degree in Mass Communication at Dixie State University in Utah where we was Opinion Editor at Dixie Sun News. Now he interns for Deseret News National. Follow him on Twitter at

8 things I want to thank my mom for now that I’m a parent

Being a mom sure isn’t easy, and you know that even more now that you’re a parent

Advertisement
Tell us your opinion
 

Thanks for subscribing to our email list. Please enjoy our latest articles.

tumblr