We’ve discussed the impact that the Internet of Things (IoT) is having on security many times in the past, but we need to focus the spotlight on how it affects privacy as well. It isn’t just that IoT devices can be hijacked by hackers and leveraged for massive DDoS attacks these days, many of these useful gadgets are also collecting massive amounts of data on us and our families.
The rise in both the adoption of IoT devices and the data they are able to collect has led the FBI to issue a strong warning about “smart toys,” IoT-enabled dolls, learning games and similar toys for children.
Is Our Children’s Privacy At Risk?
Today there are a plethora of toys on the market that contain cameras, microphones, and software for collecting data to personalize our children’s playtime. From dolls that use voice recognition to “talk” to kids to more learning-focused gaming devices, these devices are collecting data on our children, and, at least in some cases, storing it online. The risks here are obvious – one data breach and identifying information on our families could end up in the hands of hackers.
This isn’t the first time this topic has come up either. In 2015, Hong Kong-based VTech announced a data breach in its Learning Lodge database. The educational toy maker noted that names, email addresses, passwords, secret questions, IP Addresses, and even mailing addresses of its customers were all leaked online due to the breach. The larger concern, however, was that the names, gender, and birth dates of the children using the toys were also vulnerable.
While that leak was smaller than other major leaks in 2015, it’s one of the most significant hacks in history, due to the sensitive nature of the information that was stolen.
Reducing IoT Privacy Risks at Home
Luckily, there are ways we can reduce risk and improve IoT privacy in light of these threats. While not using unsecured IoT toys is an obvious option, many of these devices are beneficial for child development and education, and cutting them out entirely isn’t always the best answer. In its report, the FBI offered numerous tips and tricks for improving IoT privacy and reducing the risk of private data on our children being stolen.
- Be informed on the manufacturer’s security and any data breaches they have had
- Only use connected toys on trusted wireless networks
- Understand how the toy connects to other devices (Wi-Fi, Bluetooth, etc.) and make sure whatever devices it’s connecting to are properly secured
- Use strong authentication on connected devices, including two-factor authentication and biometric authentication were available
- Carefully read company privacy policies and understand where and how collected data is stored
- Monitor your children’s activity with any IoT-enabled toys
- Determine whether or not the cameras/microphones can be turned off when not in use
- Make sure to follow security best practices for any accounts related with such toys
- Minimize the amount of identifying data you input for creating accounts for your children related to these toys
These are just a few best practices to follow. When considering the security of IoT devices in your home, whether they are toys or home automation devices, it’s essential to also use strong authentication methods like biometric-based multi factor authentication to secure logins to any account.