What toy should you put under the Christmas tree this year? If you were thinking about buying a smart toy for Christmas, the Vtech hack may cause you to re-think your decision.
For many parents the thought of their children’s personal data being stolen and made available online is the stuff of nightmares. So what exactly is a smart toy and should you be avoiding them in favor of a more traditional gift this year?
What happened to Vtech? Vtech’s tablets and other connected toys are all currently unable to access the app store. The Learning Lodge app store – which provides downloads of apps, games, music and books for toys made by VTech – had its database hacked on 14 November.
The personal information stolen, which was not encrypted, included the parent’s names, email addresses, passwords, secret questions and answers for password retrieval, IP addresses, postal addresses, download histories and children’s names, genders and birthdates. It has also been reported that photos, audio files and chat-logs were stolen – something that Vtech has not yet confirmed.
The numbers involved are huge – according to Vtech, 6.4 million children’s accounts were affected and it has now employed a security firm – Mandiant – to look at the damage and fix it. Until then, the app store will remain offline.
What’s the risk? If a toy is labeled “smart” then that probably means it’s connected to the internet in some manner, whether this be via an app, wi-fi or another method.
Security has not traditionally been an area of expertise for most toymakers so combining tech and toys could lead to problems.
Hello Barbie, another net-connected toy that can share conversations, games and stories with children, has also been subject to some scrutiny from security experts. Security researcher Matt Jakubowski discovered that conversations with children stored in the cloud can be accessed by others and that the toy can also be used as a surveillance device.
The risks of internet-enabled toys don’t end with security. Children confide in dolls and reveal intimate details about their lives, but Hello Barbie won’t keep those secrets. When Barbie’s belt buckle is held down, everything your child says is transmitted to cloud servers, where it will be stored and analyzed by ToyTalk, Mattel’s technology partner.
ToyTalk states that passwords are stored in a hardware-encrypted section of the doll and that no conversation history is stored on the toy. It also said that stored data is “never used for advertising purposes.
Do connected toys destroy imaginative play? Those days many children live large parts of their lives on the internet so it seems obvious that toymakers would want to tap into that cultural shift.
And many of the toys they make are attempting to bridge the gap between the real world and the digital one. Some critics point out that tech toys – like talking dolls and dinosaurs – may limit the imaginative play element that is part of more traditional toys.
What kind of limits will you be setting for your children this year?