Back 1998, Child’s Play featured Good Guy doll, Chucky – the result of a serial killer, Charles Lee Ray, managing to possess the toy through a voodoo ritual after he got fatally wounded by cops.
More recently we’ve met Annabelle a Raggedy Ann doll which featured in the films The Conjuring (2013) and Annabelle (2014). The doll is actually based on a real life doll that’s housed in a museum in a glass box in Connecticut warning visitors not to open it.
And who can forget the use of Jigsaw in the Saw franchise? While the hook nosed puppet is not demonic himself, he’s definitely not something you want to see considering he’s the harbinger of cruel and unusual punishments.
While the thought of scary toys whispering into your child’s ear while they’re asleep or even awake sound like the work of horror novelist Stephen King or director James Wan (who is behind some of the Saw franchises and The Conjuring 2) they’re actually not that far fetched a concept because, these days, real life hackers can access your child’s toys and talk to them.
You may not be alone
There have been a number of recent examples where toys have been shown to have vulnerabilities. In February 2017, it was reported that personal data from fluffy stuffed toys could be stolen. Email addresses and passwords were leaked along with access to profile pictures and more than 2 million voice recordings of children and adults who used the CloudPets stuffed toys, according to a report in UK newspaper, The Guardian.
In 2015 it was reported that Mattel’s Hello Barbie, which records children’s voices, could be hacked – revealing not only children’s conversations, but also identifying the home address of the child.
Vtech, a company that specialises in children’s educational toys, was hacked. Not only were hackers able to access usernames, passwords, IP addresses and downloads but birthday dates, names, gender and photos of children.
Cayla dolls were deemed the perfect toys to interact with children, particularly during the ‘why’ phase, because if a child asked it a question it can connect to the internet and find an answer. But researchers found that the unsecured Bluetooth module can be used by hackers to eavesdrop and spy on parents and children. As a result, the German Federal Network Agency banned the doll because of the privacy risks.
Parents have also been warned that people can hack into baby monitors and talk to children as they sleep. New York’s Department of Consumer Affairs (DCA) issued a public statement warning parents to secure their baby monitors. According to an article in The Independent, some parents reported how they had walked into their child’s room in the middle of the night only to hear men speaking down the monitors to their children.
“These days more and more everyday objects are connected to the Internet, including children’s toys. Unless due care and attention is paid to security, there is a clear risk that data sent and received by any Internet of Things device (including toys) can be intercepted by an intruder,” explains David Emm principal security researcher at Kaspersky Lab.
Worryingly, most parents are unaware of the potential dangers, but Emm points out that parents are not entirely to blame for their ignorance. “After all, parents have always bought ‘cool’ toys for their children and connected toys and gadgets are just the latest in ‘cool’. We’re not psychologically prepared, as parents, to think of toys as computers. But unless you understand that there’s a risk, and understand the nature of the risk, you’re unlikely to take steps to reduce the risks.”
And if you think that toy manufacturers are dealing with this security problem, you could well be wrong and this could have devastating consequences. “Unfortunately, there’s ample evidence that toy manufacturers aren’t taking the necessary steps to ensure that toys are ‘Internet-safe’ before they reach the shelves of the toy stores. This isn’t surprising: historically, computer security hasn’t had to be top-of-mind for manufacturers of children’s toys. They are simply adding features that enhance the functionality of traditional toys, such as dolls, and make them more attractive to children growing up in the Internet age.”
So what can parents do?
Emm says it’s important that parents think about the impact a connected toy (or any other device) can have on their privacy and computer security. Think about all of the things the toy is doing – e.g. recording your child’s voice, sending this – or other data about your family – up to the cloud, connecting to other devices you have in the home – and decide if you’re comfortable sharing such data. He recommends the following actions:
- If you are not comfortable with the ability of the toy to share information and you don’t want to make use of all of the functionality offered switch it off (where that’s possible).
- For added security, change the default password used to access the device. “It’s easy for a hacker to learn the default passwords for a range of toys,” says Emm.
- Finally, don’t forget about data held in the cloud by the manufacturer or one of their partners. “If you create an account, you want to make sure that no one else can access it. So create a unique, complex password of 15 characters or more and make use of two-factor authentication where the online provider offers this,” adds Emm.
We say, if in doubt, don’t buy the latest gadget just because it’s cool and connected to the internet. It could very well be the reason behind a break in, your bank account being hacked or worse.
Of course, technology isn’t always the enemy, it can also be your friend. Check out this article on 8 Ways Technology Is Improving Your Health.