A new Senate report has detailed privacy and security concerns related to so-called ‘smart toys’ — that is, Internet-connected toys for children. These toys may gather information related to children, possibly including things like their names and other details, which could then be vulnerable to data thieves. The primary concern highlighted in the report tends to be identity theft, with some worrying that vulnerable personal data on children can be used to open financial accounts and other damaging things.
The report comes from Senator Bill Nelson, and it points out instances in which kids’ data has already been compromised. One case is the VTech data breach, which left details on millions of kids and their parents exposed. It also points toward alleged security issues with Fisher-Price Smart Toy Bear and the KGPS hereO GPS watch.
Despite data security policies that aim to protect customer data, the report points toward vulnerabilities and potential vulnerabilities as a serious concern. Once a company is breached, the data is entered into the wild and could potentially be used by anyone with ill intent.
Bank accounts, credit cards, and other things opened in a child’s name are liable to go years without detection, and could make it very difficult to get student loans and similar things later in life. For this reason, the Senate report recommends that toy makers make security the top focus from the very beginning of a toy’s development.
As well, it encourages the FTC to ‘carefully monitor’ such connected toys in regards to privacy and security, and it also encourages parents to educate themselves on this matter, including what kind of data a toy collects and whether the company has a history of security issues.
Update: HereO has sent SlashGear the following statement:
Whilst hereO was included in this report, at no point was any child ever at risk. Firstly, the watch hadn’t even been produced yet, so no children could be wearing them. Secondly, after we were contacted about the potential issue (which related to the smartphone app during its testing phase) in December last year, we fixed it within four hours.
The safety of children is paramount to absolutely everything we do – it’s why hereO exists, and the reason the hereO watch includes features like child safety zones, breadcrumb trail logs and a panic button. It’s also why we dealt with this situation so quickly, and continually work with leading edge technology partners.
Since addressing the issue, we’ve been working with two world-leading cyber security firms who carry out random penetration tests of the hereO watch, smartphone app and systems to ensure there will never, ever be privacy concerns or a situation where a child is put at risk.
We’re very thankful to Rapid7 for highlighting the issue to us a year ago, during our testing phase, and grateful for the valuable support of the global IoT community in our combined and relentless efforts to maintain a bar-none, zero-tolerance environment for the safety and security of our users.