Now the IoT includes toys — and wow, what a surprise! They’re riddled with privacy and security problems, too.
Or Mattel’s Hello Barbie, its Wi-Fi enabled communications at risk for hacking and unauthorized surveillance. The flaws include this doll’s ability to connect to any Wi-Fi network named “Barbie” — it was absolutely brain-dead easy to spoof and begin snooping on anything this doll could “hear.”
It’s amazing these manufacturers ever thought these toys were appropriate for the marketplace, given their target audience. In VTech’s case, it appears to be nearly all ages (its Android app on Google Play is unrated), and in the case of Mattel’s Hello Barbie, it’s primarily girls ages 6-15.
These devices are especially iffy since they tippy-toe along the edge of the Children’s Online Privacy Protection Act of 1998 (a.k.a. COPPA, 15 U.S.C. 6501–6505).
Parents share much of the blame, too. Most have no clue what or how federal law covers children’s internet use under COPPA, or requirements under the Children’s Internet Protection Act (a.k.a. CIPA, 47 CFR 54.520). Nor do the parents who buy these devices appear to grasp this basic fact: any network-mediated or Wi-Fi toy, apart from the obvious cellphone/tablet/PC, is at implicit risk for leaking personal data or hackable. How are these devices risking exposure of children’s data, including their activities and location, age-appropriate toys?
This piece at Computerworld has a few helpful suggestions. In my opinion, the IoT doesn’t belong in your kids’ toybox until your kids are old enough to understand and manage personal digital information security to use the internet safely.
Frankly, many parents aren’t ready for safe internet use.