One by one, the New York Times warns of the dangers of every hot smart toy your kids are begging for this Xmas: Furbies, Cayla, kids' smart watches, the ubiquitous Vtech toys (they omit the catastrophic Cloudpets, presumably because that company is out of business now).
They warn of privacy dangers to your kids and your family, of adding vectors for attacks to your home network and its devices, and remind you that the FBI has issued a warning to parents not to buy these things.
Toy manufacturers have long searched for ways to bring toys alive for children. While microphones and cameras introduced some level of responsiveness, those interactions were generally limited to a canned response preset by a manufacturer. Internet connections opened up a new wealth of possibilities; now the toys can be paired with a computer or cellphone to allow children to constantly update their toys with new features.
The My Friend Cayla doll, for example, uses speech recognition software coupled with Google Translate. The doll's microphone records speech and then transmits it over the internet, a function that leaves it open to hackers, according to cybersecurity researchers. If the doll's owner does not designate a specific cellphone or tablet with which the doll should have an internet connection, anyone within 50 feet of the toy can use the Bluetooth connection to gain access to it. Security researchers have also raised concerns over what type of data the doll collects, and how the data is used.
A Cute Toy Just Brought a Hacker Into Your Home [Sheera Frenkel/New York Times]
Spies Under the Tree: This Season's Most Vulnerable Smart Toys [Top10 VPN]
