Say what you want about the Furby; the 1998 “must have” toy that was one of the first robots successfully marketed to kids might haunt your dreams with its mewling Furbish language, but at least it didn’t try to steal anyone’s personal information. Unfortunately the same cannot be said for many of today’s “smart” toys, which use WiFi connections and apps to “learn” things, like your kid’s birthday, tastes, and preferences. And because those WiFi connections and apps connect to “the cloud,” that information may be accessible to hackers. Even Furby thinks that’s creepy.
Last September, Fisher Price released it’s Smart Toy Teddy Bear. This very square stuffed bear “remembers” your kid’s name and birthday because you input that info into an app — an app that security firm Rapid7 recently discovered had some serious vulnerabilities. Fisher Price swiftly corrected the issue before anything was stolen, but the same can’t be said for VTech. In December, a white hat hacker (those are the ones who exploit companies’ poor security for sport and don’t use the stolen data for profit) managed to download personal data for over 6 million kids, and 190 gigs of photos uploaded to VTech’s “Kid Connect” app. That same month, another security firm figured out that Mattel’s Hello Barbie, which includes an artificial intelligence that kinda sorta does “learn” based on things it hears your kid say, was similarly vulnerable. Mattel also handled that flaw promptly once it was exposed, but … Suddenly, Furbish doesn’t sound so bad, does it?
It’s still pretty early days for WiFi-enabled toys, to say nothing of AI-enabled ones, and manufacturers with limited tech experience are scrambling to put in place the sort of security protocols that your Apples and Googles have baked into their product release process. They’ll no doubt get there, but in the meantime you could always just pick up a new, totally not connected LEGO set — they’ve got one with a dad pushing a stroller!