The US Federal Bureau of Investigation on Monday warned parents that internet-connected toys can pose serious risks to their children’s privacy and safety.
Smart toys made by a slew of companies are “increasingly incorporating technologies that learn and tailor their behaviours based on user interactions,” the FBI said. As opposed to “dumb” toys of yesteryear, new models are being brought to market with various types of sensors, microphones, data storage and even GPS capabilities.
“These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed,” the FBI said, adding:
Information such as the child’s name, school, likes and dislikes, and activities may be disclosed through normal conversation with the toy or in the surrounding environment. The collection of a child’s personal information combined with a toy’s ability to connect to the Internet or other devices raises concerns for privacy and physical safety.
Perhaps even more worrisome to parents, “the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.”
The FBI says parents should “examine toy company user agreement disclosures and privacy practices, and should know where their family’s personal data is sent and stored, including if it’s sent to third-party services.”
Other US agencies have also taken action on the subject, with the Federal Trade Commission updating its guidance on the Children’s Online Privacy Protection Rule to state that it covers connected toys.
The concerns are not purely academic. German authorities warned users earlier this year that Cayla, a doll, contained “unauthorised wireless transmitting equipment”. In a separate incident, security researchers learned that a toymaker left databases containing information related to…