FBI Warns About Internet-Connected Toys' Security Risk

Do you want your kid's Barbie doll or stuffed animal to spy on you? Probably not, and that's why the FBI has warned consumers to consider their child's privacy and cyber security before "introducing smart, interactive, internet-connected toys into their homes or trusted environments."

A rising number of toys have been connected to the internet. Mattel actually made a smart Barbie doll, CloudPets made internet-connected stuff animals, and other companies have turned rudimentary playthings into Internet of Things (IoT) devices. The problems occur when companies don't secure these products--that smart Barbie can be hacked, and CloudPets' stuffed animals leaked private information and voice recordings.

The FBI said in a public service announcement that these toys "typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options." Gone are the days of toys being expensive bits of molded plastic; now they're basically miniature computers that happen to be shaped like toys. Parents are going to have to adapt to this change in playtime.

But how? Well, according to the FBI, by paying much more attention to everything about a toy. The agency said:

Consumers should examine toy company user agreement disclosures and privacy practices, and should know where their family’s personal data is sent and stored, including if it’s sent to third-party services. Security safeguards for these toys can be overlooked in the rush to market them and to make them easy to use. Consumers should perform online research of these products for any known issues that have been identified by security researchers or in consumer reports.

That's a lot of research to devote to one toy. Many people will probably see something on a store shelf--or cave after their child sees something--and buy it without thinking to examine user agreement disclosures and privacy practices. These people are busy raising their children; they shouldn't be expected to become security experts whenever their kid asks for the latest-and-greatest toy. Yet that's what the FBI recommends.

This problem isn't limited to toys. Many objects are being connected to the internet, and we've seen time and time again that companies don't take the necessary precautions to secure them. Politicians, digital rights groups, and other organizations have pushed for change, but right now buying an IoT device is like walking through a minefield. You probably shouldn't, but if you do, you'll have to keep your wits to emerge unscathed.

You can find more information about protecting your and your child's privacy when purchasing smart toys in the FBI's public service announcement. The agency encouraged anyone who thinks an internet-connected toy might not be safe to file a complaint with the Internet Crime Complaint Center. (And if you think a toy is alive, you should probably lay off the "Toy Story," just to be on the safe side.)