Some parents are banning “smart toys” this Christmas to protect their kids from social media and the internet for as long as possible. As CBS reports in their article, “Why Some Parents Are Banning Smart Toys This Christmas”, parents are avoiding many popular high-tech gadgets that can actually track, monitor and record children. While federal law requires a parent’s permission to track and collect data on children under 13, a Federal Trade Commission complaint filed alleges widespread violations through apps that “send persistent identifiers to third parties without giving direct notice to parents.”
This isn’t the first time that there have been issues with high-tech toys collecting data on kids. As CNET reported in June 2018, “Amazon said it has pulled CloudPets, a smart toy that researchers said was riddled with security flaws, from its online store. Last week, Walmart and Target stopped selling the toy. Amazon began removing CloudPets on Tuesday morning. The decision comes a day after Mozilla contacted Amazon with research showing new vulnerabilities on CloudPets. “In a world where data leaks are becoming more routine and products like CloudPets still sit on store shelves, I’m increasingly worried about my kids’ privacy and security,” Ashley Boyd, Mozilla’s vice president of advocacy, said in a statement.
CloudPets, made by Spiral Toys, is a talking toy that’s connected online, uses voice recordings and an online app through Bluetooth.
But in 2017, hackers were able to access CloudPets’ database, containing email addresses, passwords and voice recordings from children, which cybercriminals held for ransom at least twice. The breach affected more than 800,000 people.
Mozilla worked with cybersecurity research firm Cure53 to see what vulnerabilities CloudPets still has after the original breach in 2017. They found that CloudPets’ Bluetooth vulnerabilities first demonstrated more than a year ago are still open.
The firm conducted its tests for vulnerabilities in March, and found that CloudPets did not meet security standards. Spiral Toys did not respond to a request for comment.
“The company clearly does not care about their users’ security and privacy being violated and makes no effort to respond to well-meaning attack reports, further facilitating and inviting malicious actions against their users,” the researchers wrote in their report.
The researchers also discovered that CloudPets’ mobile app refers users to a website called “mycloudpets.com/tour,” a domain that is currently for sale and can be redirected by potential criminals in online scams.
CloudPets also had a third vulnerability, researchers said, that allowed potential hackers to install custom firmware to the toy without any security checks to stop them. Installing custom firmware would let a potential hacker take control of the toy, along with any data that passed through it.
Smart parents are banning these ”smart toys” to protect their kids from data breaches, hackers, and other potential issues. Be sure to thoroughly research any high tech toy before you bring it into your house.
One of the biggest issues of all might be the way these “smart toys” introduces “smart devices” to kids who are too young to have access to the internet and social media. These toys, that require apps and the internet to utilize all features, become like gateway drugs to smartphones and tablets. Parents who can avoid giving these devices to their kids until they are at least 13 will be able to avoid a number of potential issues.