12 ways to make connected smart toys safer
You have probably heard the hype about ‘smart toys’, also known as internet-connected toys, and may even be considering buying one for your child. But, what are smart toys and how can you make sure you're buying wisely and safely? Steve Wood, deputy commissioner for the ICO, an independent authority that upholds information rights in the public interest, has the following advice:
What are ‘connected toys' ?
Connected toys are internet-enabled toys that can be linked to Wi-Fi or Bluetooth and have other capabilities such as voice and image recognition. They have the ability to collect and store information about a person. This could mean app-enabled robots, drones or dolls that can ‘talk’ to their owners. These functions can make them exciting, engaging toys, popular with kids, but can also raise privacy concerns around the risks of third-party hacking, enabling strangers to spy on young people.
1. Research the security of a smart toy before buying
Doing your homework before buying a connected device should allow you to recognise those with poor security. Research online reviews and manufacturers’ websites for information on privacy notices and policies. You should also look to see how a product will be updated in the future if a security issue is identified.
2. Take care when shopping for smart toys online
At this time of year, when online shopping is nearing its peak, scammers may be more likely to try to access your personal information such as bank account or credit card details. Only use secure sites when shopping online – secure sites usually carry the padlock symbol. Get Safe Online has advice on how to protect yourself.
3. Take your time to read the manual
Don’t wait until Christmas Day, when excited children will want to just turn on a new toy or device and skip as much of the set-up process as they can. Take the time beforehand to read the manual and familiarise yourself with the security and privacy options available to you.
4. Change passwords and usernames from default settings
Default password or code protection will only provide the most basic security. Default credentials for many devices can be freely available on the web. You should always change the defaults immediately and choose a suitably strong password. Use a different password for each account and device.
5. Check if your router is secure
Your router is the first line of defence on the perimeter of your home network. If you have devices connected to your network, the default settings of your router might be exposing them to the internet and therefore everyone else. Create a strong password and look out for and install security updates.
6. If there’s a two-step identification option – use it!
Two-step authentication offers you an additional layer of security when logging in to an online service. While few devices will offer this service, the website you use to view its data might.
7. Be camera aware – you never know who’s watching
Some toys and devices are fitted with web cameras. The ability to view footage remotely is both their biggest selling point and, if not set up correctly, potentially their biggest weakness, as the baby monitor hacking issue demonstrated. If you have no intention of viewing footage over the internet, then turn the remote viewing option off in the device’s settings, or else use strong, non-default passwords.
8. Check location tracking is turned off
One of the main selling points of children’s smart watches is the ability for parents to know where their children are at all times. However, if this isn’t done securely, then others might have access to this data as well. Immediately get rid of default location tracking and GPS settings and set strong, unique passwords.
9. Ensure your Bluetooth is secure
It's not just potentially insecure web connections that can put children‘s online safety at risk. Some toys and devices have been found to have unencrypted Bluetooth connections which can be easily accessed by strangers. Consider disabling this in a device’s settings or, where possible, set a strong password.
10. Children have information rights too
Talk to your children about how try and stay in safer spaces online. For more information on how, read our expert advice here.
11. If in doubt, don’t splash out
If you aren’t convinced a smart toy or connected/wearable device will keep your children or your personal information safe, then don’t buy it. If consumers reject products that won’t protect them, then developers and retailers should soon get the message.
12. Have a secure Christmas
By taking some time and care beforehand and following our advice, you can still see a child’s face light up when they open their new, web-connected Christmas present, safe in the knowledge that you are keeping them secure as well as happy.
The ICO and other stakeholders are also working with manufacturers, wholesalers and retailers through the Secure By Default project, which aims to encourage data protection considerations from the outset in product development and commercial purchasing decisions, providing better protection for consumers in future.
Image: Public Domain